8 matches found
Metasploit Wrap-Up
LearnPress authenticated SQL injection Metasploit contributor h00die added a new module that exploits CVE-2020-6010, an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to...
CVE-2020-6010
creationtimestamp| type| source ---|---|--- 2021-08-25 19:28:25+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wplearnpresssqli.rb 2024-11-14 06:09:32+00:00| seen| MISP/665dc617-394a-4186-b9bf-abb9e12a27f3 2025-02-06 03:13:44+00:00| seen|...
WordPress LearnPress 3.2.6.7 Plugin - (current_items) SQL Injection (Authenticated) Vulnerability
Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login with a cred 3...
LearnPress Plugin for WordPress < 3.2.6.9 Multiple Vulnerabilities
The WordPress LearnPress Plugin installed on the remote host is affected by multiple vulnerabilities : - A SQL injection vulnerability exists in the getitems method of the LPModalSearchItems class due to improper validation of user-supplied input. An authenticated, remote attacker can exploit thi...
WordPress Plugin 'LearnPress' < 3.2.6.8 Multiple Vulnerabilities
The WordPress application running on the remote host has a version of the 'LearnPress' plugin that is prior to 3.2.6.8 and, thus, is affected by multiple vulnerabilities : - A SQL injection SQLi vulnerability exists in the getitems method of the LPModalSearchItems class due to improper validation...
CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...
CVE-2020-6010
The CVE-2020-6010 entry concerns the WordPress LearnPress plugin prior to 3.2.6.8, where an authenticated SQL injection exists in the _get_items method of LP_Modal_Search_Items via the current_items parameter on post-new.php. Impact stated in sources includes data disclosure/manipulation and pote...
CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...