EIP-2026-114161

PRE-CVE

WordPress Plugin Usernoise 3.7.8 - Persistent Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114161. PoCs published by RogueCoder.

AI-analyzed exploit summary The vulnerability is a persistent XSS in the Usernoise WordPress plugin (version 3.7.8 and earlier) due to improper handling of user input in the summary field. The PoC demonstrates arbitrary JavaScript execution in the WordPress admin dashboard, targeting administrators.

Description

WordPress Plugin Usernoise 3.7.8 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED
by RogueCoder · textwebappsphp
https://www.exploit-db.com/exploits/27403

The vulnerability is a persistent XSS in the Usernoise WordPress plugin (version 3.7.8 and earlier) due to improper handling of user input in the summary field. The PoC demonstrates arbitrary JavaScript execution in the WordPress admin dashboard, targeting administrators.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Usernoise WordPress plugin 3.7.8 (and earlier)
No auth needed
Prerequisites: Access to submit feedback via the Usernoise plugin
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026