EIP-2026-114199
PRE-CVE
WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-114199. PoCs published by Panagiotis Vagenas.
AI-analyzed exploit summary
This exploit demonstrates a CSRF vulnerability in the WordPress Download Manager plugin (version 2.9.60) that allows an attacker to install arbitrary plugins via the `wpdm-install-addon` AJAX action. The PoC includes a crafted HTML form that submits a malicious plugin URL, leading to remote code execution if the plugin contains malicious code.
Description
WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery
Exploits (1)
This exploit demonstrates a CSRF vulnerability in the WordPress Download Manager plugin (version 2.9.60) that allows an attacker to install arbitrary plugins via the `wpdm-install-addon` AJAX action. The PoC includes a crafted HTML form that submits a malicious plugin URL, leading to remote code execution if the plugin contains malicious code.