LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
CVE-2022-3360

8.1HIGH

Key Information:

Vendor: Wordpress
Status: Learnpress – WordPress Lms Plugin
Vendor: CVE Published:; 31 October 2022

Summary

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function.

Affected Version(s)

LearnPress – WordPress LMS Plugin 4.1.7.2

References

https://wpscan.com/vulnerability/acea7a54-a964-4127-a93f-...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 29, 2022

Credit

Nguyen Duy Quoc Khanh