CVE-2026-8628 in EntreDroppers Plugin
Summary
by MITRE • 06/24/2026
The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The payload is delivered via attacker-controlled path-info in the URL (e.g., /wp-admin/admin.php/">alert(0)/?page=EntreDroppers.php), which PHP_SELF reflects directly into the form action attribute.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/24/2026
The EntreDroppers WordPress plugin presents a critical reflected cross-site scripting vulnerability that affects versions through 1.1.2, creating a significant security risk for WordPress installations. This vulnerability stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase, specifically targeting the PHP_SELF parameter in the administrative interface. The flaw allows unauthenticated attackers to execute malicious scripts against unsuspecting users who visit specifically crafted URLs, making it a particularly dangerous vector for social engineering attacks.
The technical exploitation of this vulnerability occurs through manipulation of the URL path-info component, where attacker-controlled input is directly reflected into the form action attribute without proper sanitization. When an attacker crafts a malicious URL containing script payload within the PHP_SELF parameter, such as /wp-admin/admin.php/">alert(0)/?page=EntreDroppers.php, the plugin fails to properly escape or validate this input before rendering it in the web page context. This direct reflection of user-supplied data into executable code creates an environment where malicious scripts can be injected and executed in the victim's browser context, bypassing standard security controls that protect against such attacks.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with potential access to sensitive administrative functions and user data. Once a user clicks on a malicious link, the reflected script executes within their browser session, potentially allowing attackers to steal cookies, session tokens, or perform actions on behalf of authenticated users. The vulnerability affects all users regardless of authentication status since the attack vector operates through the web interface without requiring valid credentials, making it particularly dangerous in environments where administrative privileges are not properly isolated from public access.
This vulnerability aligns with CWE-79, which defines Cross-Site Scripting as a weakness that allows attackers to inject malicious scripts into web applications. The specific implementation flaw falls under ATT&CK technique T1566.001, which covers the use of malicious links or attachments to deliver payloads to targets. Organizations using affected versions of the EntreDroppers plugin face potential data breaches, privilege escalation attacks, and unauthorized access to administrative functions. The attack requires minimal technical skill from threat actors but can result in significant operational damage through session hijacking, credential theft, or further exploitation of compromised systems.
The recommended mitigation strategy involves immediate upgrading to a patched version of the plugin if available, or implementing temporary workarounds such as input validation rules at the web application firewall level. Administrators should also conduct comprehensive security audits of their WordPress installations, review plugin permissions and access controls, and implement monitoring for suspicious URL patterns. Additionally, user education regarding safe browsing practices and the dangers of clicking unverified links remains crucial in defending against this class of attacks, as the vulnerability ultimately depends on social engineering components to achieve successful exploitation.