Full Disclosure mailing list archives
Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials
From: Red Timmy Security <publications () redtimmy com>
Date: Mon, 28 Sep 2020 15:48:25 +0200
WP Courses is a Wordpress plugin allowing to define courses with lessons. The course can be:
- accessible to everyone without authentication; - only available for logged-in users; - only available for logged-in and paying users.In the latter case, only when a user is registered to WordPress and has bought the product via a third plugin (for example WooCommerce) the contents of the lessons are shown.
We have stumbled upon a severe information disclosure vulnerability on WP Course <= 2.0.29 that gives an unauthenticated attacker the ability to exfiltrate all the content of courses (for example videos links, etc...) through the Wordpress REST API (/wp-json).
We have published more details and a root cause analysis in the following link: https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
A CVE has been requested but not assigned yet. Kind Regards Red Timmy Security _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials Red Timmy Security (Sep 29)