EIP-2026-114191

PRE-CVE

WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114191. PoCs published by Lenon Leite.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file deletion vulnerability in the Woo Import Export Lite WordPress plugin (version 1.0). The vulnerability arises from unsanitized user input in the 'file_name' parameter, allowing an authenticated attacker to delete critical files like 'wp-config.php' via a directory traversal attack.

Description

WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion

Exploits (1)

exploitdb WORKING POC

by Lenon Leite · htmlwebappsphp

https://www.exploit-db.com/exploits/44520

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file deletion vulnerability in the Woo Import Export Lite WordPress plugin (version 1.0). The vulnerability arises from unsanitized user input in the 'file_name' parameter, allowing an authenticated attacker to delete critical files like 'wp-config.php' via a directory traversal attack.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Woo Import Export Lite WordPress plugin 1.0

Auth required

Prerequisites: Authenticated user access to the WordPress admin-ajax.php endpoint

MITRE ATT&CK

T1003.002 - Security Account Manager T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026