WordPress Plugin Vulnerabilities

LearnPress – WordPress LMS Plugin < 4.2.7.1 - Unauthenticated SQL Injection via 'c_fields'

Description

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affects Plugins

Plugin icon
learnpress
Fixed in 4.2.7.1

References

CVE
CVE-2024-8529
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b2671e-0db7-4ba9-b574-a0122959e8fc

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
10 (critical)

Miscellaneous

Original Researcher
abrahack
Verified
No
WPVDB ID
6b86c089-177b-45b4-979e-4ae08e586e83

Timeline

Publicly Published
2024-09-11 (about 1 year ago)
Added
2024-09-11 (about 1 year ago)
Last Updated
2024-09-12 (about 1 year ago)

Other

Published
Title
Published
2022-09-20
Title
Search Logger <= 0.9 - Admin+ SQLi
Published
2021-09-21
Title
Game Server Status <= 1.0 - Admin+ Stored Cross-Site Scripting
Published
2025-01-23
Title
Form Builder CP < 1.2.42 - Authenticated (Contributor+) SQL Injection
Published
2025-09-10
Title
All in one Minifier <= 3.2 - Unauthenticated SQL Injection
Published
2025-10-07
Title
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 6.0.6.3 - Authenticated (Administrator+) SQL Injection