CVE-2022-47615 – WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion
https://notcve.org/view.php?id=CVE-2022-47615
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. Vulnerabilidad de inclusión de archivos locales (LFI) en LearnPress – WordPress LMS Plugin. Se ven afectadas la versión 4.1.7.3.2 y todas las anteriores. The LearnPress plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.7.3.2 via the lp/v1/courses/archive-course rest API endpoint. This allows unauthenticated-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://github.com/RandomRobbieBF/CVE-2022-47615 https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-45808 – WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-45808
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. Vulnerabilidad de inyección SQL en LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versiones. The LearnPress plugin for WordPress is vulnerable to SQL Injection in versions up to and including 4.1.7.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://github.com/RandomRobbieBF/CVE-2022-45808 https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-45355 – WordPress WP Pipes Plugin <= 1.33 is vulnerable to SQL Injection (SQLi)
https://notcve.org/view.php?id=CVE-2022-45355
Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions. The WP Pipes plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/wp-pipes/wordpress-wp-pipes-plugin-1-33-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-45820 – WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-45820
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. Vulnerabilidad de inyección SQL (SQLi) en LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versión. The LearnPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.1.7.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query passed via the learn_press_recent_courses and learn_press_featured_courses shortcodes. This makes it possible for authenticated attackers with subscriber level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-3360 – LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
https://notcve.org/view.php?id=CVE-2022-3360
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function. El complemento LearnPress WordPress anterior a 4.1.7.2 deserializa la entrada del usuario en un punto final API REST disponible para usuarios no autenticados, lo que podría conducir a una Inyección de Objetos PHP cuando hay presente un dispositivo adecuado, lo que lleva a la ejecución remota de código (RCE). Para explotar con éxito esta vulnerabilidad, los atacantes deben tener conocimiento de los secretos del sitio, lo que les permitirá generar un hash válido a través de la función wp_hash(). The LearnPress plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.1.7.1 via deserialization of untrusted input in a REST API endpoint available to unauthenticated users. • https://wpscan.com/vulnerability/acea7a54-a964-4127-a93f-f38f883074e3 • CWE-502: Deserialization of Untrusted Data •