{"vulnerability": "CVE-2020-26876", "sightings": [{"uuid": "a1314a27-bdf2-4db4-9534-35993de853f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26876", "type": "exploited", "source": "https://t.me/arpsyndicate/2823", "content": "#ExploitObserverAlert\n\nCVE-2020-26876\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2020-26876. The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist).\n\nFIRST-EPSS: 0.019880000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T04:21:25.000000Z"}, {"uuid": "d02fc4ec-b2c6-463b-92dc-152900f2a6fd", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26876", "type": "exploited", "source": "https://db.gcve.eu/known-exploited-vulnerabilities-catalog/8c933597-3184-468f-a2e5-34d31c8ace97", "content": "", "creation_timestamp": "2026-06-23T11:12:54.871095Z"}]}