EIP-2026-114273

PRE-CVE

Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114273. PoCs published by SunCSR Team.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in WordPress wpDiscuz plugin versions before 7.0.5, allowing remote code execution via PHP file upload.

Description

Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by SunCSR Team · rubywebappsphp

https://www.exploit-db.com/exploits/49401

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in WordPress wpDiscuz plugin versions before 7.0.5, allowing remote code execution via PHP file upload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress wpDiscuz < 7.0.5

No auth needed

Prerequisites: WordPress site with vulnerable wpDiscuz plugin · Access to a post with wpDiscuz enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026