EIP-2026-114230

PRE-CVE

WordPress Plugin WP PRO Advertising System 4.6.18 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114230. PoCs published by wp0Day.com.

AI-analyzed exploit summary This exploit targets WP PRO Advertising System plugin (v4.6.18) with SQL injection and file deletion via unserialize. It includes functional code for authentication, SQLi payload delivery, and file deletion through a crafted CPDF_Adapter object.

Description

WordPress Plugin WP PRO Advertising System 4.6.18 - SQL Injection

Exploits (1)

exploitdb WORKING POC

by wp0Day.com · phpwebappsphp

https://www.exploit-db.com/exploits/39893

View Code ZIP pw:eip

This exploit targets WP PRO Advertising System plugin (v4.6.18) with SQL injection and file deletion via unserialize. It includes functional code for authentication, SQLi payload delivery, and file deletion through a crafted CPDF_Adapter object.

Classification

Working Poc 95%

Attack Type

Sqli | Deserialization

Complexity

Moderate

Reliability

Reliable

Target: WP PRO Advertising System - All In One Ad Manager v4.6.18

Auth required

Prerequisites: WordPress site with vulnerable plugin installed · Valid advertiser credentials for SQLi mode

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026