EIP-2026-114159

PRE-CVE

WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114159. PoCs published by Henry Hoggard.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in WP User Role Editor <=3.12, allowing an attacker to elevate a user's privileges to administrator by tricking an admin into visiting a crafted URL.

Description

WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC
by Henry Hoggard · textwebappsphp
https://www.exploit-db.com/exploits/25721

This exploit demonstrates a CSRF vulnerability in WP User Role Editor <=3.12, allowing an attacker to elevate a user's privileges to administrator by tricking an admin into visiting a crafted URL.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WP User Role Editor <=3.12
No auth needed
Prerequisites: Admin user must visit the crafted URL
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026