LearnPress: 75,000 WordPress Websites at Risk from Critical Vulnerabilities

Jan 25, 2023 | News


LearnPress, a popular WordPress plugin for creating and selling online courses, has been found to contain multiple critical-severity flaws that were discovered by PatchStack.

The flaws include pre-auth SQL injection and local file inclusion. They can expose sensitive information, allow data modification, and enable arbitrary code execution.

These vulnerabilities were discovered between November 30 and December 2, 2022 and reported to the software vendor.


Update available, 25% applied.

The plugin is used on over 100,000 active websites. The flaws were reported to the software vendor on December 2, 2022, and the vendor fixed them on December 20, 2022 with the release of LearnPress version 4.2.0.
However, according to statistics from WordPress.org, only 25% of users have applied the update, leaving 75,000 websites at risk of exploitation.

[Figure: LearnPress versions on active installations (WordPress)]

The vulnerabilities could expose credentials, authorization tokens, and API keys, leading to further compromise, which can have serious repercussions.

The 3 Vulnerabilities 

The first vulnerability, CVE-2022-47615, is an unauthenticated local file inclusion flaw that allows attackers to display the contents of local files stored on the web server. The second vulnerability, CVE-2022-45808, is an unauthenticated SQL injection that can potentially lead to sensitive information disclosure, data modification, and arbitrary code execution. The third vulnerability, CVE-2022-45820, is an authenticated SQL injection flaw in two shortcodes of the plugin.

 

[Figure: SQL injection example (PatchStack)]

The vendor has fixed these issues by introducing an allowlist and sanitization of the vulnerable variables or removing the ability to include templates in user input. Website owners relying on LearnPress are advised to either upgrade to version 4.2.0 or disable the plugin until they can apply the available security update.
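To act on the upgrade advice across many sites, the following added example (not code from PatchStack, the vendor, or the original article) reads the standard WordPress plugin header and flags LearnPress copies older than 4.2.0. The function names are hypothetical, the plugin directory is supplied by the operator, and the sample headers in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = "4.2.0"  # first fixed LearnPress release, per the article

# WordPress reads plugin metadata from a comment header in the first 8 KiB
# of the plugin's main PHP file, e.g. " * Version: 4.1.7".
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t*/]*$", re.M | re.I)

def parse_header(php_source: str) -> dict:
    """Return the lower-cased header fields found in a plugin main file."""
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(php_source[:8192])}

def version_key(version: str) -> tuple:
    """Numeric comparison key, so that 4.10.0 sorts after 4.2.0."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugin_dir: Path) -> str:
    """Classify one plugin directory: 'vulnerable', 'patched' or 'not-found'."""
    for php in sorted(plugin_dir.glob("*.php")):
        header = parse_header(php.read_text(errors="replace"))
        # Assumption: the directory passed in is the LearnPress core plugin.
        if header.get("plugin name", "").lower().startswith("learnpress") and "version" in header:
            old = version_key(header["version"]) < version_key(FIXED)
            return "vulnerable" if old else "patched"
    return "not-found"

def demo() -> dict:
    """Run the audit over constructed plugin headers (not real site data)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for version in ("4.1.7.3.2", "4.2.0", "4.10.0"):
            plugin = Path(tmp, version, "learnpress")
            plugin.mkdir(parents=True)
            Path(plugin, "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: LearnPress - sample header\n * Version: {version}\n */\n")
            results[version] = audit(plugin)
    return results

if __name__ == "__main__":
    print(demo())
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 4.10.0 below 4.2.0 and report a patched site as vulnerable.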


Source: bleepingcomputer.com
