Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.8 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.5CVSS7.1AI score0.09199EPSS
Exploits1
NVD
NVD
added 2020/10/07 5:15 p.m.28 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.5CVSS0.09199EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/10/07 4:56 p.m.36 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.6AI score0.09199EPSS
Exploits1References3
CVE
CVE
added 2020/10/07 4:56 p.m.85 views

CVE-2020-26876

CVE-2020-26876 – WordPress WP Courses Plugin up to version 2.0.27/2.0.29 suffers an information-disclosure via the REST API. The issue stems from show_in_rest being enabled for custom post types, allowing access to private course videos and materials through endpoints like /wp-json/wp/v2/course o...

7.5CVSS7.5AI score0.09199EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder