EIP-2026-114315

PRE-CVE

WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114315. PoCs published by wp0Day.com.

AI-analyzed exploit summary This exploit targets a stored XSS vulnerability in the Bridge WordPress theme (version 9.1.3) to either enable maintenance mode or inject JavaScript to create an admin account. It requires valid WordPress credentials and uses cURL for authenticated POST requests.

Description

WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by wp0Day.com · phpwebappsphp

https://www.exploit-db.com/exploits/39892

View Code ZIP pw:eip

This exploit targets a stored XSS vulnerability in the Bridge WordPress theme (version 9.1.3) to either enable maintenance mode or inject JavaScript to create an admin account. It requires valid WordPress credentials and uses cURL for authenticated POST requests.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Bridge - Creative Multi-Purpose WordPress Theme 9.1.3

Auth required

Prerequisites: Valid WordPress credentials (customer or subscriber role) · Target running Bridge theme version 9.1.3 · Access to wp-admin/admin-ajax.php

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026