EIP-2026-114312
PRE-CVEWordPress Theme Chocolate WP - Multiple Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114312. PoCs published by Eugene Dokukin.
AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in the Chocolate WP Theme for WordPress, including XSS via crafted image paths and potential arbitrary file upload/SSRF through external URL inclusion in the thumb.php script. The PoC URLs show how an attacker can inject malicious JavaScript or force the server to fetch remote files.
Description
WordPress Theme Chocolate WP - Multiple Vulnerabilities
Exploits (1)
The exploit demonstrates multiple vulnerabilities in the Chocolate WP Theme for WordPress, including XSS via crafted image paths and potential arbitrary file upload/SSRF through external URL inclusion in the thumb.php script. The PoC URLs show how an attacker can inject malicious JavaScript or force the server to fetch remote files.