CVE-2024-4444

LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.

El complemento LearnPress – WordPress LMS Plugin para WordPress es vulnerable a omitir el registro de usuario en versiones hasta la 4.2.6.5 incluida. Esto se debe a que faltan controles en la función 'create_account' en el proceso de pago. Esto hace posible que atacantes no autenticados se registren como rol predeterminado en el sitio, incluso si el registro está deshabilitado.

*Credits: 1337_Wannabe

CVSS Scores

Wordfencev3.1 5.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-02 CVE Reserved
2024-05-09 CVE Published
2024-05-15 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-420: Unprotected Alternate Channel

CAPEC

References (4)

URL	Tag	Source
https://inky-knuckle-2c2.notion.site/Improper-Authentication-in-checkout-leads-privilege-escalation-of-unauthenticated-to-create-accoun-09da24a043884219a891dd1a0fc01af6
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/class-lp-checkout.php#L79
https://plugins.trac.wordpress.org/changeset/3082204
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=cve

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Thimpress Search vendor "Thimpress"		LearnPress – WordPress LMS Plugin Search vendor "Thimpress" for product "LearnPress – WordPress LMS Plugin"				<= 4.2.6.5 Search vendor "Thimpress" for product "LearnPress – WordPress LMS Plugin" and version " <= 4.2.6.5"		en		Affected