Lucene search
K

7 matches found

Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.270 views

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...

10CVSS9.6AI score0.63134EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.405 views

📄 WordPress LearnPress 4.2.7 SQL Injection

WordPress LearnPress plugin versions 4.2.7 and below suffer from a remote SQL injection vulnerability. My name: Francisco Moraga BTshell @BTshell https://www.linkedin.com/in/btshell/ Exploit Title: LearnPress WordPress LMS Plugin = 4.2.7 - Unauthenticated SQL Injection via 'conlyfields' Google...

10CVSS9AI score0.63134EPSS
Exploits6
Metasploit
Metasploit
added 2024/10/17 6:54 p.m.546 views

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

The LearnPress WordPress LMS Plugin up to version 4.2.7 is vulnerable to SQL injection via the 'conlyfields' and 'cfields' parameters. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information. Module Options msf use...

10CVSS7.8AI score0.63134EPSS
Exploits7
Circl
Circl
added 2024/09/12 10:8 a.m.30 views

CVE-2024-8522

creationtimestamp| type| source ---|---|--- 2024-09-12 10:08:54+00:00| published-proof-of-concept| https://t.me/HackingInsights/12853 2024-09-12 11:51:18+00:00| seen| https://t.me/cvedetector/5456 2024-09-13 05:01:21+00:00| seen| https://t.me/CyberBulletin/630 2024-09-13 05:21:09+00:00| seen|...

10CVSS7.3AI score0.63134EPSS
Exploits6References18
NVD
NVD
added 2024/09/12 9:15 a.m.53 views

CVE-2024-8522

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.63134EPSS
Exploits6References4
Cvelist
Cvelist
added 2024/09/12 8:30 a.m.74 views

CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.63134EPSS
Exploits6References4
Patchstack
Patchstack
added 2024/09/12 12:0 a.m.31 views

WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection

Software LearnPress Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.2.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 13b3ec9c4ec2 Credits abrahack Required privilege Unauthenticated Publish...

10CVSS6.8AI score0.63134EPSS
Exploits6References3Affected Software1
Rows per page
Query Builder