EIP-2026-114224
PRE-CVEWordPress Plugin WP Photo Album - 'photo' SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114224. PoCs published by THE_MILLER.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the WordPress WP Photo Album (WPPA) plugin. It allows an attacker to extract user credentials from the database by manipulating the 'photo' parameter in the URL.
Description
WordPress Plugin WP Photo Album - 'photo' SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by THE_MILLER · textwebappsphp
https://www.exploit-db.com/exploits/31776
This exploit demonstrates an SQL injection vulnerability in the WordPress WP Photo Album (WPPA) plugin. It allows an attacker to extract user credentials from the database by manipulating the 'photo' parameter in the URL.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
WordPress WP Photo Album (WPPA) plugin
No auth needed
Prerequisites:
WordPress installation with WPPA plugin · Access to the plugin's photo gallery page
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026