WordPress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

Exploit Database
19 阅读

作者： redtimmysec

日期： 2020-10-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48910/

# Exploit Title: WP Courses < 2.0.29 - Broken Access Controls leading to 
Courses Content Disclosure
# Exploit Author: Stefan Broeder, Marco Ortisi (redtimmysec)
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://wpcoursesplugin.com/
# Version Vulnerable: < 2.0.29
# CVE: (requested but not assigned yet)

WP Courses plugin < 2.0.29 does not protect the courses which could be 
accessed by unauthenticated users using the REST API (/wp-jon/) 
endpoints (for example /wp-json/wp/v2/lesson/{lesson_id}) This could 
result in attackers accessing paying content without authorization.

Full story here: 
https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/

last Exploits
WordPress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure的更多信息

Siena CMS 1.242 – ‘err’ Cross-Site Scripting：
JV2 Folder Gallery 3.1.1 – ‘popup_slideshow.php’ Multiple Vulnerabilities：
Taxi Booking Script 1.0 – Cross-site Scripting：
TP-Link WR740N/WR740ND – Multiple Cross-Site Request Forgery Vulnerabilities：
WordPress Plugin Learnpress 4.1.4.1 – Arbitrary Image Renaming：
Infoblox 6.8.2.11 – OS Command Injection：
ColdBookmarks 1.22 – SQL Injection：
FS IMDB Clone 1.0 – ‘f’ / ‘s’ / ‘id’ SQL Injection：