7.5
CVSSv3

CVE-2024-8529

Published: 12/09/2024 Updated: 13/09/2024

Vulnerability Summary

SQL Injection Vulnerability in LearnPress WordPress Plugin

The LearnPress – WordPress LMS Plugin for WordPress has an SQL Injection vulnerability. This issue affects the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint. Versions up to, and including, 4.2.7 are affected. The problem is due to poor escaping and lack of proper preparation of the SQL query. An attacker, without needing to log in, can use this flaw to add extra SQL queries. This can leak sensitive data from the database.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

thimpress learnpress

Exploits

The LearnPress WordPress LMS Plugin up to version 427 is vulnerable to SQL injection via the 'c_only_fields' and 'c_fields' parameters This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information ...

Metasploit Modules

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

The LearnPress WordPress LMS Plugin up to version 4.2.7 is vulnerable to SQL injection via the 'c_only_fields' and 'c_fields' parameters. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information.

msf > use auxiliary/scanner/http/wp_learnpress_c_fields_sqli
msf auxiliary(wp_learnpress_c_fields_sqli) > show actions
    ...actions...
msf auxiliary(wp_learnpress_c_fields_sqli) > set ACTION < action-name >
msf auxiliary(wp_learnpress_c_fields_sqli) > show options
    ...show and set options...
msf auxiliary(wp_learnpress_c_fields_sqli) > run

Github Repositories

LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'

CVE-2024-8529 LearnPress – WordPress LMS Plugin &lt;= 427 - Unauthenticated SQL Injection via 'c_fields' Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 427