EIP-2026-114148

PRE-CVE

WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114148. PoCs published by Nitin Venkatesh.

AI-analyzed exploit summary This PoC demonstrates CSRF and SQL injection vulnerabilities in the Unite Gallery Lite WordPress Plugin v1.4.6. It includes HTML forms that exploit the vulnerabilities by submitting crafted requests to vulnerable endpoints.

Description

WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Nitin Venkatesh · textwebappsphp

https://www.exploit-db.com/exploits/37705

View Code ZIP pw:eip

This PoC demonstrates CSRF and SQL injection vulnerabilities in the Unite Gallery Lite WordPress Plugin v1.4.6. It includes HTML forms that exploit the vulnerabilities by submitting crafted requests to vulnerable endpoints.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Unite Gallery Lite WordPress Plugin v1.4.6

No auth needed

Prerequisites: Access to a vulnerable WordPress installation with the Unite Gallery Lite plugin v1.4.6 or below

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026