WordPress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

• Exploit Database
• 120 阅读

• 作者： redtimmysec
  日期： 2020-10-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48910/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

  # Exploit Title: WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure # Exploit Author: Stefan Broeder, Marco Ortisi (redtimmysec) # Authors blog: https://www.redtimmy.com # Vendor Homepage: https://wpcoursesplugin.com/ # Version Vulnerable: < 2.0.29 # CVE: (requested but not assigned yet)   WP Courses plugin < 2.0.29 does not protect the courses which could be accessed by unauthenticated users using the REST API (/wp-jon/) endpoints (for example /wp-json/wp/v2/lesson/{lesson_id}) This could result in attackers accessing paying content without authorization.   Full story here: https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/