EIP-2026-114176

The exploit demonstrates a remote file upload vulnerability in the WordPress plugin 'videowhisper-video-presentation' v3.31.17, allowing unauthenticated attackers to upload malicious files (e.g., .shtml) due to insufficient file extension validation. The PoC includes a PHP script to upload a file and an .shtml payload for potential remote code execution if SSI is enabled.