EIP-2026-114308

PRE-CVE

WordPress Theme Authentic - 'download.php' Arbitrary File Download

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114308. PoCs published by Ashiyane Digital Security Team.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file download vulnerability in the Authentic theme for WordPress. By manipulating the 'file' parameter in the download.php script, an attacker can traverse directories and download sensitive files like wp-config.php.

Description

WordPress Theme Authentic - 'download.php' Arbitrary File Download

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ashiyane Digital Security Team · textwebappsphp

https://www.exploit-db.com/exploits/39297

View Code ZIP pw:eip

The exploit demonstrates an arbitrary file download vulnerability in the Authentic theme for WordPress. By manipulating the 'file' parameter in the download.php script, an attacker can traverse directories and download sensitive files like wp-config.php.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Authentic theme for WordPress (version not specified)

No auth needed

Prerequisites: Access to the target WordPress site with the Authentic theme installed

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026