CVE-2020-26876 PoC — WordPress 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-26876.yaml

Associated Vulnerability

Title:WordPress 安全漏洞 (CVE-2020-26876)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。iframe是使用在其中的一个用于将另一个文档嵌入当前HTML文档中的内联框架。 WordPress 2.0.27版本插件 wp-courses存在安全漏洞，该漏洞源于show_in_rest启用自定义职位类型(例如,/wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist)。攻击者可利用该漏洞绕过指定的付款步骤(课程

Description

WordPress WP Courses Plugin < 2.0.29 contains a critical information disclosure which exposes private course videos and materials.

File Snapshot


 id: CVE-2020-26876

info:
  name: WordPress WP Courses Plugin Information Disclosure
  author: dwisi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!