LearnPress Plugin for WordPress < 3.2.6.9 Multiple Vulnerabilities

high Web Application Scanning Plugin ID 112388

Synopsis

LearnPress Plugin for WordPress < 3.2.6.9 Multiple Vulnerabilities

Description

The WordPress LearnPress Plugin installed on the remote host is affected by multiple vulnerabilities :

- A SQL injection vulnerability exists in the _get_items method of the LP_Modal_Search_Items class due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2020-6010)

- A privilege escalation vulnerability exists in the learn_press_accept_become_a_teacher function due to the code not checking the permissions of the requesting user. An unauthenticated, remote attacker can exploit this, via /wpadmin/, to gain 'teacher' access to the application. (CVE-2020-11511)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LearnPress Plugin for WordPress 3.2.6.9 or latest.

See Also

https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins/

https://wordpress.org/plugins/learnpress/

Plugin Details

Severity: High

ID: 112388

Type: remote

Published: 5/14/2020

Updated: 10/7/2021

Scan Template: scan, pci

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-11511

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2020-6010

Vulnerability Information

CPE: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2020

Vulnerability Publication Date: 4/30/2020

Reference Information

CVE: CVE-2020-6010, CVE-2020-11511