EIP-2026-114276

PRE-CVE

WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114276. PoCs published by Swapnil Subhash Bodekar.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in the WordPress plugin WPFront Notification Bar version 1.9.1.04012. The vulnerability allows an attacker to inject malicious JavaScript code into the Custom CSS field, which is then stored in the database and executed when the functionality is triggered.

Description

WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WRITEUP

by Swapnil Subhash Bodekar · textwebappsphp

https://www.exploit-db.com/exploits/50120

View Code ZIP pw:eip

This is a writeup describing a stored XSS vulnerability in the WordPress plugin WPFront Notification Bar version 1.9.1.04012. The vulnerability allows an attacker to inject malicious JavaScript code into the Custom CSS field, which is then stored in the database and executed when the functionality is triggered.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WPFront Notification Bar 1.9.1.04012

Auth required

Prerequisites: WordPress installation · WPFront Notification Bar plugin installed and activated · Access to plugin settings

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026