Multiple Critical Vulnerabilities Fixed In LearnPress Plugin Version <= 4.1.7.3.2

If you’re a LearnPress user, please update the plugin to at least version 4.2.0.

The plugin LearnPress (versions 4.1.7.3.2 and below), which has over 100,000 active installations is a comprehensive WordPress LMS Plugin for WordPress. This is one of the most popular WordPress LMS Plugins which can be used to easily create & sell courses online. We can create a course curriculum with lessons & quizzes included which is managed with an easy-to-use interface for users.

This plugin suffers from multiple critical vulnerabilities. These vulnerabilities allow any unauthenticated users to inject a SQL query to the database and perform local file inclusion. We also found another SQL injection that would need a user with at least “Contributor” role to be exploited. The described vulnerability was fixed in version 4.2.0.

The security vulnerability in LearnPress
Unauthenticated Local File Inclusion (CVE-2022-47615)

The vulnerable code responsible for this vulnerability is located on inc/rest-api/v1/frontend/class-lp-rest-courses-controller.php function list_courses . This function is used to handle API request to lp/v1/courses/archive-course .

Source and more details:

Posted in Exploit.