EIP-2026-114229

PRE-CVE

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114229. PoCs published by Lenon Leite.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the WP Email Users WordPress plugin (version 1.4.1). The vulnerability allows any registered user to inject malicious SQL queries via the 'filetitle' parameter in an AJAX request.

Description

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)

Exploits (1)

exploitdb WORKING POC

by Lenon Leite · textwebappsphp

https://www.exploit-db.com/exploits/41180

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the WP Email Users WordPress plugin (version 1.4.1). The vulnerability allows any registered user to inject malicious SQL queries via the 'filetitle' parameter in an AJAX request.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WP Email Users WordPress Plugin 1.4.1

Auth required

Prerequisites: Registered user account on the target WordPress site

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026