EIP-2026-114324
PRE-CVEWordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114324. PoCs published by Felipe Andrian Peixoto.
AI-analyzed exploit summary This exploit demonstrates a local file disclosure vulnerability in the Elegance theme for WordPress. It allows an attacker to read arbitrary files on the server by manipulating the '_mysite_download_skin' parameter in a POST request to 'dl-skin.php'.
Description
WordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Felipe Andrian Peixoto · htmlwebappsphp
https://www.exploit-db.com/exploits/39333
This exploit demonstrates a local file disclosure vulnerability in the Elegance theme for WordPress. It allows an attacker to read arbitrary files on the server by manipulating the '_mysite_download_skin' parameter in a POST request to 'dl-skin.php'.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Elegance theme for WordPress (version not specified)
No auth needed
Prerequisites:
Target must be using the vulnerable Elegance theme for WordPress · The 'dl-skin.php' script must be accessible
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026