EIP-2026-114182

PRE-CVE

WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114182. PoCs published by Renos Nikolaou.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the WordPress Wappointment plugin version 2.2.4. The PoC shows how an attacker can inject malicious JavaScript into the 'name' parameter, which is then executed when an admin views the calendar page.

Description

WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Renos Nikolaou · textwebappsphp

https://www.exploit-db.com/exploits/50333

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the WordPress Wappointment plugin version 2.2.4. The PoC shows how an attacker can inject malicious JavaScript into the 'name' parameter, which is then executed when an admin views the calendar page.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Wappointment 2.2.4

No auth needed

Prerequisites: Access to the booking page · Admin user viewing the calendar page

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026