EIP-2026-114228
PRE-CVEWordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114228. PoCs published by Lenon Leite.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the WP Private Messages WordPress plugin version 1.0.1. The vulnerability allows authenticated users to inject malicious SQL queries via the 'id' parameter in the URL.
Description
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Lenon Leite · textwebappsphp
https://www.exploit-db.com/exploits/40940
This exploit demonstrates a SQL injection vulnerability in the WP Private Messages WordPress plugin version 1.0.1. The vulnerability allows authenticated users to inject malicious SQL queries via the 'id' parameter in the URL.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
WP Private Messages 1.0.1
Auth required
Prerequisites:
Authenticated user access
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026