{"vulnerability": "CVE-2020-26876", "sightings": [{"uuid": "a1314a27-bdf2-4db4-9534-35993de853f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26876", "type": "exploited", "source": "https://t.me/arpsyndicate/2823", "content": "#ExploitObserverAlert\n\nCVE-2020-26876\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2020-26876. The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist).\n\nFIRST-EPSS: 0.019880000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T04:21:25.000000Z"}, {"uuid": "a8a826b3-5b39-4e1e-a516-5e5456da9d1c", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26876", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4107ceba-0bed-4035-aa9b-b9fe0c1f3d76", "content": "", "creation_timestamp": "2026-06-19T12:53:12.240476Z"}, {"uuid": "24df42a7-e25c-4f5c-ad64-20de5d618fda", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26876", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ac4b387e-0386-4b65-97bf-71b1580cdf95", "content": "", "creation_timestamp": "2026-06-23T14:04:05.757592Z"}]}