
CVSS: 8.8 • EPSS: 11% • CPEs: 1 • EXPL: 2

The LearnPress WordPress plugin, in versions up to and including 3.2.6.7, is vulnerable to SQL injection. LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the current_items parameter of the post-new.php page.

• https://www.exploit-db.com/exploits/50137
• http://packetstormsecurity.com/files/163536/WordPress-LearnPress-SQL-Injection.html
• https://plugins.trac.wordpress.org/browser/learnpress/trunk/readme.txt?rev=2288975
• https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins
• https://wordpress.org/plugins/learnpress/#developers
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.1 • EPSS: 6% • CPEs: 1 • EXPL: 2

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. WordPress LearnPress plugin versions prior to 3.2.6.9 suffer from a privilege escalation vulnerability.

• http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html
• https://cwe.mitre.org/data/definitions/862.html
• https://wordpress.org/plugins/learnpress/#developers
• https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress
• CWE-269: Improper Privilege Management
• CWE-862: Missing Authorization

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data.

• https://wordpress.org/plugins/learnpress/#developers
• CWE-269: Improper Privilege Management

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

• https://jvn.jp/en/jp/JVN85760090/index.html
• https://wordpress.org/plugins/learnpress
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in LearnPress prior to version 3.1.0 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

• https://jvn.jp/en/jp/JVN85760090/index.html
• https://wordpress.org/plugins/learnpress
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')