EIP-2026-114204

PRE-CVE

WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114204. PoCs published by Mohammad Khaleghi.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in the WordPress WP Advanced Comment plugin version 0.10. The vulnerability arises due to insufficient input sanitization in the 'comment[meta_value]' parameter, allowing an attacker to inject malicious JavaScript code that executes when viewed by an admin.

Description

WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Mohammad Khaleghi · textwebappsphp

https://www.exploit-db.com/exploits/39548

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in the WordPress WP Advanced Comment plugin version 0.10. The vulnerability arises due to insufficient input sanitization in the 'comment[meta_value]' parameter, allowing an attacker to inject malicious JavaScript code that executes when viewed by an admin.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress WP Advanced Comment plugin 0.10

Auth required

Prerequisites: Access to a WordPress site with the vulnerable plugin installed · Ability to submit a comment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026