EIP-2026-114337

PRE-CVE

WordPress Theme LineNity 1.20 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114337. PoCs published by felipe andrian.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in the WordPress Theme LineNity via the 'download.php' file. By manipulating the 'imgurl' parameter, an attacker can read arbitrary files on the server, as shown in the provided PoC URLs.

Description

WordPress Theme LineNity 1.20 - Local File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by felipe andrian · textwebappsphp

https://www.exploit-db.com/exploits/32861

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in the WordPress Theme LineNity via the 'download.php' file. By manipulating the 'imgurl' parameter, an attacker can read arbitrary files on the server, as shown in the provided PoC URLs.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress Theme LineNity (version not specified)

No auth needed

Prerequisites: Access to the vulnerable 'download.php' file · Knowledge of the target server's file structure

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026