EIP-2026-114178
PRE-CVEWordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting (XSS)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114178. PoCs published by Mesut Cetin.
AI-analyzed exploit summary The exploit demonstrates a stored XSS vulnerability in the WordPress Plugin visitors-app 0.3 via the 'user-agent' parameter. It uses a crafted curl command to inject malicious JavaScript, which redirects users to an attacker-controlled page when viewed in the WordPress admin panel.
Description
WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting (XSS)
Exploits (1)
The exploit demonstrates a stored XSS vulnerability in the WordPress Plugin visitors-app 0.3 via the 'user-agent' parameter. It uses a crafted curl command to inject malicious JavaScript, which redirects users to an attacker-controlled page when viewed in the WordPress admin panel.