Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 4:34 p.m.8 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.5CVSS7.1AI score0.09199EPSS
Exploits1
prion
prion
added 2020/10/07 5:15 p.m.18 views

Design/Logic Flaw

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

5CVSS7.6AI score0.09199EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2020/10/07 4:56 p.m.36 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.6AI score0.09199EPSS
Exploits1References3
vulncheck_kev
vulncheck_kev
added 2020/10/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.5CVSS7.2AI score0.09199EPSS
Exploits1References1
Rows per page
Query Builder