EIP-2026-114358

PRE-CVE

WordPress Theme Uncode 1.3.1 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114358. PoCs published by wp0Day.com.

AI-analyzed exploit summary This exploit targets the Uncode WordPress theme (versions 1.3.0 and possibly 1.3.1) by leveraging an authenticated arbitrary file upload vulnerability to achieve remote code execution (RCE). It logs in as a low-privileged user, uploads a malicious ZIP file, and executes the payload.

Description

WordPress Theme Uncode 1.3.1 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by wp0Day.com · phpwebappsphp

https://www.exploit-db.com/exploits/39895

View Code ZIP pw:eip

This exploit targets the Uncode WordPress theme (versions 1.3.0 and possibly 1.3.1) by leveraging an authenticated arbitrary file upload vulnerability to achieve remote code execution (RCE). It logs in as a low-privileged user, uploads a malicious ZIP file, and executes the payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Uncode WordPress Theme 1.3.0 (possibly 1.3.1)

Auth required

Prerequisites: Valid WordPress credentials (customer or subscriber role) · Target URL with vulnerable Uncode theme · Malicious ZIP file hosted remotely

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026