EIP-2026-114122

PRE-CVE

WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114122. PoCs published by Heine Pedersen.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in the Track That Stat WordPress plugin, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject malicious JavaScript code to steal cookies or perform other attacks.

Description

WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Heine Pedersen · textwebappsphp

https://www.exploit-db.com/exploits/37204

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in the Track That Stat WordPress plugin, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject malicious JavaScript code to steal cookies or perform other attacks.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Track That Stat WordPress plugin 1.0.8

No auth needed

Prerequisites: Access to a vulnerable WordPress site with the Track That Stat plugin installed

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026