EIP-2026-114243

PRE-CVE

WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114243. PoCs published by Rahul Pratap Singh.

AI-analyzed exploit summary The exploit demonstrates a persistent XSS vulnerability in the 'wpspro_country' parameter and a CSRF vulnerability allowing account takeover via password change in WP Symposium Pro Social Network plugin version 15.12. Functional PoC code for CSRF is provided.

Description

WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Rahul Pratap Singh · textwebappsphp

https://www.exploit-db.com/exploits/39202

View Code ZIP pw:eip

The exploit demonstrates a persistent XSS vulnerability in the 'wpspro_country' parameter and a CSRF vulnerability allowing account takeover via password change in WP Symposium Pro Social Network plugin version 15.12. Functional PoC code for CSRF is provided.

Classification

Working Poc 95%

Attack Type

Xss | Csrf

Complexity

Trivial

Reliability

Reliable

Target: WP Symposium Pro Social Network plugin v15.12

No auth needed

Prerequisites: Target running vulnerable plugin version · Victim interaction for CSRF

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026