Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitRamuel GallWPEX-ID:22B2CBAA-9173-458A-BC12-85E7C96961CD
HistoryApr 28, 2020 - 12:00 a.m.

LearnPress < 3.2.6.9 - Privilege Escalation to "LP Instructor"

2020-04-2800:00:00
Ramuel Gall
15
JSON

The LearnPress plugin through 3.2.6.8 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. The “LP Instructor” role grants the “unfiltered_html” capability, allowing an escalated user to insert posts containing malicious JavaScript

It is possible for a remote attacker to elevate the privileges of any user to LP Instructor by sending a request to any location within wp-admin, such as wp-admin/admin-post.php with the action parameter set to accept-to-be-teacher and the user_id parameter set to an arbitrary user ID. This is possible because the learn_press_accept_become_a_teacher function runs on the plugins_loaded action and lacks nonce checks and capability checks.

Related

cve 1
wpvulndb 1
zdt 1
cvelist 1
patchstack 1
prion 1
packetstorm 1
exploitdb 1
nessus 2
openvas 1
thn 1
threatpost 1
cve
cve
CVE-2020-11511
2021-07-30 14:15:00
wpvulndb
wpvulndb
LearnPress < 3.2.6.9 - Privilege Escalation to "LP Instructor"
2020-04-28 00:00:00
zdt
zdt
WordPress LearnPress 3.2.6.8 Plugin - Privilege Escalation Vulnerability
2021-07-19 00:00:00
cvelist
cvelist
CVE-2020-11511
2021-07-27 04:56:54
patchstack
patchstack
WordPress LearnPress plugin <= 3.2.6.7 - Privilege Escalation vulnerability
2020-04-29 00:00:00
prion
prion
Design/Logic Flaw
2021-07-30 14:15:00
packetstorm
packetstorm
WordPress LearnPress Privilege Escalation
2021-07-19 00:00:00
exploitdb
exploitdb
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
2021-07-19 00:00:00
nessus
nessus
WordPress Plugin 'LearnPress' < 3.2.6.8 Multiple Vulnerabilities
2020-05-01 00:00:00
LearnPress Plugin for WordPress < 3.2.6.9 Multiple Vulnerabilities
2020-05-14 00:00:00
openvas
openvas
WordPress LearnPress Plugin < 3.2.6.9 Multiple Vulnerabilities
2020-05-05 00:00:00
thn
thn
Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites
2020-04-30 10:06:00
threatpost
threatpost
Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
2020-04-30 10:00:32
JSON
Related for WPEX-ID:22B2CBAA-9173-458A-BC12-85E7C96961CD
cve1wpvulndb1zdt1cvelist1patchstack1prion1packetstorm1exploitdb1nessus2openvas1thn1threatpost1