lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <0cb74c18cbce173f436ce34679200326@redtimmy.com> Date: Mon, 28 Sep 2020 15:48:25 +0200 From: Red Timmy Security <publications@...timmy.com> To: fulldisclosure@...lists.org Subject: [FD] Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials WP Courses is a Wordpress plugin allowing to define courses with lessons. The course can be: - accessible to everyone without authentication; - only available for logged-in users; - only available for logged-in and paying users. In the latter case, only when a user is registered to WordPress and has bought the product via a third plugin (for example WooCommerce) the contents of the lessons are shown. We have stumbled upon a severe information disclosure vulnerability on WP Course <= 2.0.29 that gives an unauthenticated attacker the ability to exfiltrate all the content of courses (for example videos links, etc...) through the Wordpress REST API (/wp-json). We have published more details and a root cause analysis in the following link: https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/ A CVE has been requested but not assigned yet. Kind Regards Red Timmy Security _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists