Exploit/Advisories

Published on October 24th, 2020 📆 | 6254 Views ⚑

WordPress Plugin WP Courses

# Exploit Title: WP Courses < 2.0.29 - Broken Access Controls leading to 
Courses Content Disclosure
# Exploit Author: Stefan Broeder, Marco Ortisi (redtimmysec)
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://wpcoursesplugin.com/
# Version Vulnerable: < 2.0.29
# CVE: (requested but not assigned yet)

WP Courses plugin < 2.0.29 does not protect the courses which could be 
accessed by unauthenticated users using the REST API (/wp-jon/) 
endpoints (for example /wp-json/wp/v2/lesson/{lesson_id}) This could 
result in attackers accessing paying content without authorization.

Full story here: 
https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/

Source link

Tagged with: courses • php • plugin • webapps • wordpress

Comments are closed.

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Popular
- Red Hat Security Advisory 2024-2886-03 – Torchsec by Admin May 18, 2024 The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2886.jsonRed Hat officially shut… (9)
- Ubuntu Security Notice USN-6803-1 – Torchsec by Admin June 1, 2024 ==========================================================================Ubuntu Security Notice USN-6803-1May 30, 2024ffmpeg vulnerabilities==========================================================================A security issue affects… (8)
- Ivanti Patches Critical Remote Code Execution Flaws… by Admin May 23, 2024 May 23, 2024NewsroomEndpoint Security / Vulnerability Ivanti on Tuesday rolled… (8)
- DarkGate Malware Replaces AutoIt with AutoHotkey in… by Admin June 4, 2024 Jun 04, 2024NewsroomVulnerability / Threat Intelligence Cyber attacks involving the… (7)
Gloss
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Tanya Gardiner
  
  registered 1 hour, 6 minutes ago
- Margery Cansler
  
  registered 1 hour, 33 minutes ago
- Susie Jewett
  
  registered 4 hours, 34 minutes ago
- Myron Edments
  
  registered 5 hours, 56 minutes ago
- Nicole Gabriele
  
  registered 18 hours, 29 minutes ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- General Talk
  
  active 1 hour, 6 minutes ago
- Ebooks – Papers
  
  active 1 hour, 6 minutes ago
- Embedded Systems, Electronics, Gadgets, and DIY
  
  active 1 hour, 6 minutes ago
- Gaming
  
  active 1 hour, 6 minutes ago
- Help Me !!
  
  active 1 hour, 6 minutes ago
linktr.ee/obewyn

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

WordPress Plugin WP Courses

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups