Researchers discovered multiple vulnerabilities in the LearnPress WordPress plugin, allowing SQL injection and file inclusion attacks. The plugin developers patched the flaw following the bug report.
LearnPress Plugin Vulnerabilities
According to a recent PatchStack advisory, their researchers found multiple vulnerabilities in the LearnPress WordPress plugin.
LearnPress is a dedicated free learning management system (LMS) plugin for course creation and selling websites. It currently boasts over 100,000 active downloads, which means that any vulnerabilities in this plugin directly affect thousands of websites globally.
As elaborated, the researchers found three security issues in the plugin, including the following.
- CVE-2022-47615 (severity: critical; CVSS: 9.3): an unauthenticated local file inclusion existed in the
inc/rest-api/v1/frontend/class-lp-rest-courses-controller.php
functionlist_courses
. An adversary could exploit the flaw to display the contents of local files. - CVE-2022-45808 (severity: critical; CVSS: 9.9): an unauthenticated SQL injection existed in the
inc/databases/class-lp-db.php
functionexecute
. Exploiting the flaw could allow an adversary to access the target websites’ databases, steal data, and create rogue admin accounts. - CVE-2022-45820 (severity: critical; CVSS 9.1): an authenticated SQL injection flaw existed in two shortcodes,
learn_press_recent_courses
andlearn_press_featured_courses
. Exploiting the vulnerability could let an attacker access the target sites’ databases and perform malicious actions, including stealing data or creating admin accounts.
The researchers have confirmed that the vulnerabilities remained unexploited in the wild.
Developers Fixed the Issues
Following this discovery in November 2022, PatchStack team reported the vulnerabilities to the LearnPress plugin developers. In response, they fixed the flaws with the release of LearnPress plugin version 4.2.0.
The plugin’s WordPress page also lists the same version as the latest release.
For now, from the thousands of active users, the plugin’s page shows only 26.2% of users have updated their websites. The rest are still using old, vulnerable releases, which can result in severe damage if the vulnerabilities get under attack.
Hence, all users must update their websites with this version to receive all bug fixes.
Let us know your thoughts in the comments.