LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
CVE-2022-45808

LearnPress Plugin < 4.2.0 - Unauthenticated time-based blind SQLi

Description

The plugin does not properly sanitise and escape the order by parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

POC

$ python sqlmap.py -u 'wordpress.lan:80/wp-json/lp/v1/courses/archive-course' --data=
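The bug class in the description, next to its usual fix, as an added example (not LearnPress code and not part of the advisory). It uses Python with SQLite as a stand-in for the plugin's PHP and MySQL; the table, columns, function names and sample rows are hypothetical and constructed.

```python
import sqlite3

# Allowlists: request value -> SQL token written by the developer.
ORDER_COLUMNS = {"id": "id", "title": "title", "price": "price"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """Constructed sample data (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE courses (id INTEGER PRIMARY KEY, title TEXT, price INTEGER)")
    db.executemany("INSERT INTO courses (title, price) VALUES (?, ?)",
                   [("Intro", 30), ("Advanced", 10), ("Basics", 20)])
    return db


def unsafe_query(order_by):
    # Vulnerable pattern: request text becomes part of the SQL statement,
    # so any expression the client sends is parsed as SQL.
    return "SELECT title FROM courses ORDER BY " + order_by


def safe_query(order_by, direction="asc"):
    # Only developer-written tokens reach the SQL text; anything that is
    # not an allowlisted key falls back to the default ordering.
    column = ORDER_COLUMNS.get(str(order_by).strip().lower(), "id")
    keyword = DIRECTIONS.get(str(direction).strip().lower(), "ASC")
    return f"SELECT title FROM courses ORDER BY {column} {keyword}"


def list_courses(db, order_by, direction="asc"):
    return [row[0] for row in db.execute(safe_query(order_by, direction))]


def list_courses_bound(db, order_by):
    # A placeholder binds a value, not an identifier: this orders by the
    # constant string, so the requested column is silently ignored.
    sql = "SELECT title FROM courses ORDER BY ?"
    return [row[0] for row in db.execute(sql, (order_by,))]


if __name__ == "__main__":
    db = make_db()
    print(unsafe_query("(SELECT 1)"))       # client text inside the statement
    print(safe_query("(SELECT 1)"))         # falls back to ORDER BY id ASC
    print(list_courses(db, "price", "desc"))
    print(list_courses_bound(db, "price"))  # not sorted by price
```

Binding the value as a query parameter removes the injection but also stops the sort from working, which is why ORDER BY input is normally mapped through an allowlist rather than escaped.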