← voltar
CVE-2024-5483

LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API

CVSS 5.3 MEDIUMEPSS 1.0%CWE-200
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
thimpress · LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8/inc/jwt/rest-api/version1/class-lp-rest-users-v1-controller.php#L130https://www.wordfence.com/threat-intel/vulnerabilities/id/122b75d2-e882-45b9-baf1-acf847f8d60a?source=cve