Unauthenticated Attackers Can Bypass User Registration in LearnPress
CVE-2024-4444
5.3 MEDIUM
Key Information
- Vendor: Thimpress
- Status
- Learnpress – WordPress Lms Plugin
- Vendor
- Published: 14 May 2024
Summary
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to a user registration bypass in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
Affected Version(s)
LearnPress – WordPress LMS Plugin <= 4.2.6.5
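A triage sketch for site owners, added here as an example and not taken from the vendor or the advisory: it classifies a site from its LearnPress version and the WordPress `users_can_register` option, and with `--live` reads both through WP-CLI and lists accounts holding the default role for review. The plugin slug `learnpress`, the verdict labels and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added triage example for CVE-2024-4444; not vendor code.
LAST_AFFECTED="4.2.6.5"   # last affected version, from the advisory

# version_le A B: succeed when dotted numeric version A <= B.
# Assumes purely numeric components (no "-beta" style suffixes).
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# assess VERSION USERS_CAN_REGISTER: print one verdict label.
#   patched        version is newer than the affected range
#   affected-open  affected, but the site allows registration anyway
#   exposed        affected and registration is meant to be disabled
assess() {
    if ! version_le "$1" "$LAST_AFFECTED"; then
        echo "patched"
    elif [ "$2" = "1" ]; then
        echo "affected-open"
    else
        echo "exposed"
    fi
}

# Live check: run from the WordPress root with WP-CLI installed.
if [ "${1:-}" = "--live" ]; then
    ver=$(wp plugin get learnpress --field=version)   # slug is an assumption
    reg=$(wp option get users_can_register)
    echo "learnpress $ver users_can_register=$reg -> $(assess "$ver" "$reg")"
    # With registration disabled, accounts in the default role that no
    # administrator created are the ones to review.
    wp user list --role="$(wp option get default_role)" \
        --fields=user_login,user_email,user_registered
fi
```

On a site reported as `exposed`, compare the `user_registered` dates in the listing against the period in which registration was switched off.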
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Timeline
Vulnerability published.
Disclosed
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database
Credit
1337_Wannabe