EIP-2026-114132

PRE-CVE

WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114132. PoCs published by Gianluca Brindisi.

AI-analyzed exploit summary This is a technical writeup detailing a stored XSS vulnerability in the WordPress uCan Post plugin version 1.0.09. It describes how unsanitized input fields (Name, Email, Post Title) can be exploited to inject malicious scripts, which are then stored and executed in the admin panel.

Description

WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED
by Gianluca Brindisi · textwebappsphp
https://www.exploit-db.com/exploits/18390

This is a technical writeup detailing a stored XSS vulnerability in the WordPress uCan Post plugin version 1.0.09. It describes how unsanitized input fields (Name, Email, Post Title) can be exploited to inject malicious scripts, which are then stored and executed in the admin panel.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WordPress uCan Post plugin <= 1.0.09
Auth required
Prerequisites: Permissions to publish a post from the public interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026