EIP-2026-114120

PRE-CVE

WordPress Plugin Token Manager - 'tid' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114120. PoCs published by TheCyberNuxbie.

AI-analyzed exploit summary The exploit demonstrates a reflected XSS vulnerability in the Token Manager WordPress plugin by injecting malicious JavaScript via the 'tid' parameter in two admin endpoints. The payload executes arbitrary script code in the context of the affected site.

Description

WordPress Plugin Token Manager - 'tid' Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by TheCyberNuxbie · textwebappsphp

https://www.exploit-db.com/exploits/37836

View Code ZIP pw:eip

The exploit demonstrates a reflected XSS vulnerability in the Token Manager WordPress plugin by injecting malicious JavaScript via the 'tid' parameter in two admin endpoints. The payload executes arbitrary script code in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Token Manager WordPress plugin 1.0.2

Auth required

Prerequisites: Access to the WordPress admin interface · User interaction to trigger the malicious URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026