SQL Injection Vulnerability in LearnPress WordPress Plugin
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to SQL injection through the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint. Versions up to, and including, 4.2.7 are affected. The cause is insufficient escaping of the parameter and a lack of proper preparation of the SQL query. An unauthenticated attacker can use this flaw to append additional SQL queries, which can leak sensitive data from the database.
Vulnerable Product |
---|
thimpress learnpress |
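
A detection check for the request described in the advisory, as an added example that is not part of the advisory or the plugin's code: it flags access-log requests to the archive-course route whose `c_fields` value is not a plain comma-separated list of identifiers. The legitimate value format, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ROUTE = "/lp/v1/courses/archive-course"  # route named in the advisory
PARAM = "c_fields"                       # parameter named in the advisory
# Assumption: a legitimate value is a comma-separated list of plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(?:,[A-Za-z_][A-Za-z0-9_]*)*")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /wp-json/lp/v1/courses/archive-course?c_fields=ID,post_title HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /wp-json/lp/v1/courses/archive-course?c_fields=ID%2C%28select%201%29 HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /?rest_route=/lp/v1/courses/archive-course&c_fields=ID%20x HTTP/1.1" 200 498',
    '203.0.113.7 - - [01/Jan/2025:10:00:11 +0000] "GET /wp-json/wp/v2/posts?c_fields=a%20b HTTP/1.1" 200 90',
]

def suspicious_c_fields(log_line):
    """Return the decoded c_fields value if it is not a plain field list, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    params = parse_qsl(url.query)  # percent-decodes keys and values
    # The route is reachable as /wp-json/<route> or, without pretty permalinks,
    # as ?rest_route=<route>; check both forms.
    routes = [url.path] + [v for k, v in params if k == "rest_route"]
    if not any(r.rstrip("/").endswith(ROUTE) for r in routes):
        return None
    for key, value in params:
        # Also covers the array form c_fields[]=...
        if key.split("[")[0] == PARAM and not SAFE_VALUE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, value) for every flagged request line."""
    hits = []
    for line in lines:
        value = suspicious_c_fields(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-list c_fields value: {value!r}")
```

Parameters sent in a POST body do not appear in access logs, so the same allow-list check belongs in a WAF rule or request filter to cover those.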