CVE-2020-6009
Published: 2020-04-01
CVE-2020-6009: LearnDash WordPress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.
Priority P355 · critical 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.84% (76.3th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| learndash | learndash | < 3.1.6 | 3.1.6 |
CVSS provenance
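| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |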
No detection rules found.
No public exploits indexed.
Checkpoint
4th May – Threat Intelligence Bulletin
blogs_checkpoint·2020-05-04
CVE-2020-6009 4th May – Threat Intelligence Bulletin
## 4th May – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 4th May 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Check Point Research has discovered a targeted attack on a multinational conglomerate, where the company’s Mobile Device Manager (MDM) server has been compromised and used to install Cerberus banking Trojan on employees’ mobile devices centrally. This new variant of Cerberus has enhanced RAT capabilities and allows to exfilt
Tenable
WordPress E-Learning Plugin Vulnerabilities Range from Cheating to Remote Code Execution
blogs_tenable·2020-04-30
Checkpoint
E-Learning Platforms Getting Schooled – Multiple Vulnerabilities in WordPress’ Most Popular Learning Management System Plugins
blogs_checkpoint·2020-04-29
CVE-2020-6008 E-Learning Platforms Getting Schooled – Multiple Vulnerabilities in WordPress’ Most Popular Learning Management System Plugins
## E-Learning Platforms Getting Schooled – Multiple Vulnerabilities in WordPress’ Most Popular Learning Management System Plugins
Research by: Omri Herscovici and Sagi Tzadik
## Overview
Bugzilla
CVE-2020-11047 freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function
bugzilla·2020-05-14·CVSS 5.5
CVE-2020-11047 [MEDIUM] CVE-2020-11047 freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function
A vulnerability was found in FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
References:
https://github.com/FreeRDP/FreeRDP/issues/6009
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
Upstream Commit:
https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
Discussion:
Created freerdp tracking bugs for this issue:
Affects: epel-all [bug 1835764]
Created freerdp1.2 tracking bugs for t
Published: 2020-04-01