.. / CVE-2020-26876

Exploit for WordPress WP Courses Plugin Information Disclosure (CVE-2020-26876)

Description:

WordPress WP Courses Plugin < 2.0.29 contains a critical information disclosure which exposes private course videos and materials.

Nuclei Template

View the template here CVE-2020-26876.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-26876.yaml

References:

https://plugins.trac.wordpress.org/changeset/2389243
https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
https://www.exploit-db.com/exploits/48910
https://nvd.nist.gov/vuln/detail/CVE-2020-26876
https://plugins.trac.wordpress.org/changeset/2388997