EIP-2026-114294

PRE-CVE

WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114294. PoCs published by Ashiyane Digital Security Team.

AI-analyzed exploit summary The provided text describes an arbitrary file-upload vulnerability in the Zingiri Web Shop WordPress plugin, allowing attackers to upload malicious files and potentially execute arbitrary code. The vulnerability is due to inadequate file validation in the plugin's file manager component.

Description

WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ashiyane Digital Security Team · textwebappsphp

https://www.exploit-db.com/exploits/38046

View Code ZIP pw:eip

The provided text describes an arbitrary file-upload vulnerability in the Zingiri Web Shop WordPress plugin, allowing attackers to upload malicious files and potentially execute arbitrary code. The vulnerability is due to inadequate file validation in the plugin's file manager component.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Zingiri Web Shop plugin for WordPress 2.5.0

No auth needed

Prerequisites: Access to the vulnerable plugin endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026