bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/48910.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

15 lines
No EOL
734 B
Text
Raw Blame History

# Exploit Title: WP Courses < 2.0.29 - Broken Access Controls leading to
Courses Content Disclosure
# Exploit Author: Stefan Broeder, Marco Ortisi (redtimmysec)
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://wpcoursesplugin.com/
# Version Vulnerable: < 2.0.29
# CVE: (requested but not assigned yet)
WP Courses plugin < 2.0.29 does not protect the courses which could be
accessed by unauthenticated users using the REST API (/wp-jon/)
endpoints (for example /wp-json/wp/v2/lesson/{lesson_id}) This could
result in attackers accessing paying content without authorization.
Full story here:
https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
Reference in a new issue View git blame Copy permalink