WordPress Plugin Vulnerabilities

LearnPress < 4.2.5.8 - Unauthenticated SQLi

Description

The plugin does not properly sanitise and escape the order_by parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

Affects Plugins

Plugin icon
learnpress
Fixed in 4.2.5.8

References

CVE
CVE-2023-6567
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
hir0ot
Verified
No
WPVDB ID
c5110450-3b4e-4100-8db4-0d7f5d43c12f

Timeline

Publicly Published
2024-01-02 (about 2 years ago)
Added
2024-01-03 (about 2 years ago)
Last Updated
2024-01-03 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
WP eCommerce 3.8.9 - SQL Injection
Published
2025-03-02
Title
SMS Alert Order Notifications – WooCommerce < 3.7.9 - Unauthenticated SQL Injection
Published
2021-05-27
Title
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
Published
2024-11-15
Title
Premium Packages < 6.0.6 - Admin+ SQL Injection
Published
2022-11-07
Title
WP User Merger < 1.5.3 - Admin+ SQLi via ID