EIP-2026-114193

PRE-CVE

WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114193. PoCs published by Panagiotis Vagenas.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in the WooCommerce Store Toolkit plugin (v1.5.5) by allowing any registered user to delete critical site content via unauthenticated actions. The script automates the attack by logging in and sending crafted POST requests to trigger destructive actions.

Description

WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by Panagiotis Vagenas · pythonwebappsphp

https://www.exploit-db.com/exploits/39421

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in the WooCommerce Store Toolkit plugin (v1.5.5) by allowing any registered user to delete critical site content via unauthenticated actions. The script automates the attack by logging in and sending crafted POST requests to trigger destructive actions.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WooCommerce Store Toolkit Plugin v1.5.5

Auth required

Prerequisites: Valid user account on the target WordPress site

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026