EIP-2026-114313

The exploit demonstrates an unauthenticated file upload vulnerability in Clockstone and other CMSMasters WordPress themes (version 1.2 and lower). The vulnerable PHP script allows arbitrary file uploads via a direct POST request to `upload.php`, bypassing authentication and enabling remote code execution (RCE) by uploading malicious files.