Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2024-4444

Published: 14/05/2024 Updated: 14/05/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated malicious users to register as the default role on the site, even if registration is disabled.

Github Repositories

https://github.com/JohnnyBradvo/CVE-2024-4444

My README file for CVE-2024-4444

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=cvehttps://inky-knuckle-2c2.notion.site/Improper-Authentication-in-checkout-leads-privilege-escalation-of-unauthenticated-to-create-accoun-09da24a043884219a891dd1a0fc01af6https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/class-lp-checkout.php#L79https://plugins.trac.wordpress.org/changeset/3082204/https://nvd.nist.govhttps://github.com/JohnnyBradvo/CVE-2024-4444
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook