Lucene search
K

8 matches found

Rapid7 Blog
Rapid7 Blog
added 2021/08/27 7:3 p.m.68 views

Metasploit Wrap-Up

LearnPress authenticated SQL injection Metasploit contributor h00die added a new module that exploits CVE-2020-6010, an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to...

6.5CVSS8.8AI score0.49231EPSS
Exploits6
Circl
Circl
added 2021/08/25 7:28 p.m.25 views

CVE-2020-6010

creationtimestamp| type| source ---|---|--- 2021-08-25 19:28:25+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wplearnpresssqli.rb 2024-11-14 06:09:32+00:00| seen| MISP/665dc617-394a-4186-b9bf-abb9e12a27f3 2025-02-06 03:13:44+00:00| seen|...

8.8CVSS8.6AI score0.49231EPSS
Exploits6References1
0day.today
0day.today
added 2021/07/19 12:0 a.m.147 views

WordPress LearnPress 3.2.6.7 Plugin - (current_items) SQL Injection (Authenticated) Vulnerability

Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login with a cred 3...

8.8CVSS0.1AI score0.49231EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2020/05/14 12:0 a.m.32 views

LearnPress Plugin for WordPress < 3.2.6.9 Multiple Vulnerabilities

The WordPress LearnPress Plugin installed on the remote host is affected by multiple vulnerabilities : - A SQL injection vulnerability exists in the getitems method of the LPModalSearchItems class due to improper validation of user-supplied input. An authenticated, remote attacker can exploit thi...

8.8CVSS9.3AI score0.49231EPSS
Exploits11References4
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.90 views

WordPress Plugin 'LearnPress' < 3.2.6.8 Multiple Vulnerabilities

The WordPress application running on the remote host has a version of the 'LearnPress' plugin that is prior to 3.2.6.8 and, thus, is affected by multiple vulnerabilities : - A SQL injection SQLi vulnerability exists in the getitems method of the LPModalSearchItems class due to improper validation...

8.8CVSS8.7AI score0.49231EPSS
Exploits11References4
NVD
NVD
added 2020/04/30 3:15 p.m.21 views

CVE-2020-6010

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

8.8CVSS9.1AI score0.49231EPSS
Exploits6References4
CVE
CVE
added 2020/04/30 2:38 p.m.178 views

CVE-2020-6010

The CVE-2020-6010 entry concerns the WordPress LearnPress plugin prior to 3.2.6.8, where an authenticated SQL injection exists in the _get_items method of LP_Modal_Search_Items via the current_items parameter on post-new.php. Impact stated in sources includes data disclosure/manipulation and pote...

8.8CVSS8.9AI score0.49231EPSS
Exploits6References4Affected Software1
Cvelist
Cvelist
added 2020/04/30 2:38 p.m.41 views

CVE-2020-6010

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

9.1AI score0.49231EPSS
Exploits6References4
Rows per page
Query Builder