EIP-2026-114237

PRE-CVE

WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114237. PoCs published by Fikri Fadzil.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in the WordPress WP Support Plus Responsive Ticket System plugin, including SQL injection, full path disclosure, directory traversal, and broken authentication. The PoC provides specific URLs and methods to exploit these vulnerabilities.

Description

WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Fikri Fadzil · textwebappsphp

https://www.exploit-db.com/exploits/34589

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in the WordPress WP Support Plus Responsive Ticket System plugin, including SQL injection, full path disclosure, directory traversal, and broken authentication. The PoC provides specific URLs and methods to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WordPress WP Support Plus Responsive Ticket System 2.0

No auth needed

Prerequisites: Access to the target WordPress site · Plugin version 2.0 installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1005 - Data from Local System T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026