7 matches found
LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection
Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...
📄 WordPress LearnPress 4.2.7 SQL Injection
WordPress LearnPress plugin versions 4.2.7 and below suffer from a remote SQL injection vulnerability. My name: Francisco Moraga BTshell @BTshell https://www.linkedin.com/in/btshell/ Exploit Title: LearnPress WordPress LMS Plugin = 4.2.7 - Unauthenticated SQL Injection via 'conlyfields' Google...
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
The LearnPress WordPress LMS Plugin up to version 4.2.7 is vulnerable to SQL injection via the 'conlyfields' and 'cfields' parameters. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information. Module Options msf use...
CVE-2024-8522
creationtimestamp| type| source ---|---|--- 2024-09-12 10:08:54+00:00| published-proof-of-concept| https://t.me/HackingInsights/12853 2024-09-12 11:51:18+00:00| seen| https://t.me/cvedetector/5456 2024-09-13 05:01:21+00:00| seen| https://t.me/CyberBulletin/630 2024-09-13 05:21:09+00:00| seen|...
CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection
Software LearnPress Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.2.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 13b3ec9c4ec2 Credits abrahack Required privilege Unauthenticated Publish...