EIP-2026-114213

PRE-CVE

WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114213. PoCs published by Mysticism.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Poll 1.1.3. The PoC shows how an attacker can inject malicious JavaScript into the poll question field, which is then executed in the context of the victim's browser.

Description

WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by Mysticism · textwebappsphp

https://www.exploit-db.com/exploits/38915

View Code ZIP pw:eip

This exploit demonstrates a Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Poll 1.1.3. The PoC shows how an attacker can inject malicious JavaScript into the poll question field, which is then executed in the context of the victim's browser.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WP Easy Poll 1.1.3

Auth required

Prerequisites: Victim must be authenticated and tricked into visiting a malicious page

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026