CVE-2021-24951

The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues...

📄 WordPress LearnPress 4.2.7 SQL Injection

WordPress LearnPress plugin versions 4.2.7 and below suffer from a remote SQL injection vulnerability. My name: Francisco Moraga BTshell @BTshell https://www.linkedin.com/in/btshell/ Exploit Title: LearnPress WordPress LMS Plugin = 4.2.7 - Unauthenticated SQL Injection via 'conlyfields' Google...

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...

PT-2024-39073

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to 4.2.7 Description: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the c only fields parameter of the "/wp-json/learnpress/v1/courses" REST API...