Multiple vulnerabilities in LearnPress – WordPress LMS Plugin
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-7916 CVE-2020-7917 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
LearnPress - WordPress LMS Plugin Web applications / Modules and components for CMS |
| Vendor | ThimPress |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU26106
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-7916
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to missing permission checks in the "be_teacher" function in "class-lp-admin-ajax.php". A remote authenticated attacker can assign itself the instructor/teacher role and gain access to otherwise restricted data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLearnPress - WordPress LMS Plugin: 2.2.1 - 3.2.6.6
CPE2.3- cpe:2.3:a:thongta:learnpress:2.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:thongta:learnpress:3.0.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:thongta:learnpress:3.1.0:*:*:*:*:wordpress:*:*
https://wordpress.org/plugins/learnpress/#developers
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU26107
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-7917
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to missing permission checks in the "be_teacher" function in "class-lp-admin-ajax.php". A remote authenticated attacker can assign itself the instructor/teacher role and gain access to otherwise restricted data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLearnPress - WordPress LMS Plugin: 2.2.1 - 3.2.6.6
CPE2.3- cpe:2.3:a:thongta:learnpress:2.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:thongta:learnpress:3.0.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:thongta:learnpress:3.1.0:*:*:*:*:wordpress:*:*
https://wordpress.org/plugins/learnpress/#developers
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
