Vendor: WP Courses
By: Stefan Broeder, Marco Ortisi (redtimmysec)
CVSS: 8.8 (HIGH)
CWE: 284 (Broken Access Controls)
Product Name: WP Courses
Affected Version From: < 2.0.29
Affected Version To: < 2.0.29
Patch Exists: YES
Related CWE: (requested but not assigned yet)
CPE: a:wpcoursesplugin:wp_courses
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2020

WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

WP Courses plugin < 2.0.29 does not protect the courses, which could be accessed by unauthenticated users through the REST API (/wp-json/) endpoints (for example /wp-json/wp/v2/lesson/{lesson_id}). This could result in attackers accessing paid content without authorization.

Mitigation:

Upgrade to version 2.0.29 or later

Exploit-DB raw data:

# Exploit Title: WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
# Exploit Author: Stefan Broeder, Marco Ortisi (redtimmysec)
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://wpcoursesplugin.com/
# Version Vulnerable: < 2.0.29
# CVE: (requested but not assigned yet)

WP Courses plugin < 2.0.29 does not protect the courses, which could be accessed by unauthenticated users through the REST API (/wp-json/) endpoints (for example /wp-json/wp/v2/lesson/{lesson_id}). This could result in attackers accessing paid content without authorization.

Full story here: 
https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/