Lucene search
K

7 matches found

Nuclei
Nuclei
added 12 hours ago32 views

LearnPress < 4.2.7.1 - SQL Injection

The LearnPress WordPress LMS Plugin before 4.2.7.1 is vulnerable to unauthenticated SQL injection via the 'cfields' parameter in the /wp-json/lp/v1/courses/archive-course REST API endpoint, allowing attackers to extract sensitive information from the database. id: CVE-2024-8529 info: name:...

10CVSS6.1AI score0.11831EPSS
Exploits2References3
Metasploit
Metasploit
added 2024/10/17 6:54 p.m.548 views

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

The LearnPress WordPress LMS Plugin up to version 4.2.7 is vulnerable to SQL injection via the 'conlyfields' and 'cfields' parameters. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information. Module Options msf use...

10CVSS7.8AI score0.63134EPSS
Exploits7
Circl
Circl
added 2024/09/12 11:51 a.m.93 views

CVE-2024-8529

creationtimestamp| type| source ---|---|--- 2024-09-12 11:51:16+00:00| seen| https://t.me/cvedetector/5454 2024-09-13 05:01:21+00:00| seen| https://t.me/CyberBulletin/630 2024-09-13 05:21:09+00:00| seen| https://t.me/CyberDilara/873 2024-09-13 05:21:16+00:00| seen| https://t.me/InfoSecInsider/282...

10CVSS5.7AI score0.11831EPSS
Exploits2References13
OSV
OSV
added 2024/09/12 9:15 a.m.3 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.8AI score0.11831EPSS
Exploits2References2
NVD
NVD
added 2024/09/12 9:15 a.m.50 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.11831EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/09/12 8:30 a.m.38 views

CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS7.5AI score0.11831EPSS
Exploits2References3
Cvelist
Cvelist
added 2024/09/12 8:30 a.m.52 views

CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.11831EPSS
Exploits2References3
Rows per page
Query Builder