EIP-2026-114313
PRE-CVEWordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114313. PoCs published by DigiP.
AI-analyzed exploit summary The exploit demonstrates an unauthenticated file upload vulnerability in Clockstone and other CMSMasters WordPress themes (version 1.2 and lower). The vulnerable PHP script allows arbitrary file uploads via a direct POST request to `upload.php`, bypassing authentication and enabling remote code execution (RCE) by uploading malicious files.
Description
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
Exploits (1)
The exploit demonstrates an unauthenticated file upload vulnerability in Clockstone and other CMSMasters WordPress themes (version 1.2 and lower). The vulnerable PHP script allows arbitrary file uploads via a direct POST request to `upload.php`, bypassing authentication and enabling remote code execution (RCE) by uploading malicious files.