EIP-2026-114306

PRE-CVE

WordPress Theme Archin 3.2 - Configuration Access

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114306. PoCs published by bwall.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated configuration manipulation vulnerability in the Archin WordPress Theme. It allows an attacker to modify WordPress settings, such as enabling user registration with administrator privileges, by sending crafted POST requests to a vulnerable AJAX endpoint.

Description

WordPress Theme Archin 3.2 - Configuration Access

Exploits (1)

exploitdb WORKING POC

by bwall · pythonwebappsphp

https://www.exploit-db.com/exploits/21646

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated configuration manipulation vulnerability in the Archin WordPress Theme. It allows an attacker to modify WordPress settings, such as enabling user registration with administrator privileges, by sending crafted POST requests to a vulnerable AJAX endpoint.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Archin WordPress Theme version 3.2

No auth needed

Prerequisites: Target must be running Archin WordPress Theme version 3.2 · AJAX endpoint must be accessible

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026