WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
CVE-2022-45820
9.1 CRITICAL
Key Information:
- Vendor: Wordpress
- CVE Published: 26 January 2023
Summary
The LearnPress plugin, a popular Learning Management System (LMS) for WordPress, contains a SQL injection vulnerability that allows attackers to manipulate database queries. This flaw could enable unauthorized access to sensitive data, including user details and site configurations. The issue affects versions of the plugin up to and including 4.1.7.3.2. Site administrators should update immediately and apply the latest patches to mitigate potential exploitation.
Affected Version(s)
LearnPress – WordPress LMS Plugin <= 4.1.7.3.2
References
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)