CVE-2020-6010
published 2020-04-30

CVE-2020-6010: LearnPress WordPress plugin versions prior to and including 3.2.6.7 are vulnerable to SQL Injection

Priority: P2
CVSS 3.1 base score: 8.8 (High)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 49.23% (98.7th percentile)

Affected

1 range
Vendor: thimpress
Product: learnpress
Version range: <= 3.2.6.7
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

URL: /wordpress/wp-admin/post-new.php?post_type=lp_order
Path: /wp-admin/post-new.php
  • The vulnerable sink is the _get_items method within the LP_Modal_Search_Items class; monitor for unsanitized use of the GET/POST parameter 'current_items' in SQL queries.
  • The exploit requires an authenticated session; look for the presence of 'wp_learn_press_session_*' and 'wordpress_logged_in_*' cookies alongside suspicious POST bodies to post-new.php.
  • CVE-2020-6010 is a time-based blind SQL injection; monitor for anomalous database response latency correlated with requests to post-new.php containing the 'current_items' parameter.
  • Exploitation requires an authenticated session (any registered user); unauthenticated exploitation is not possible for this specific CVE.
  • The vulnerability affects LearnPress versions 3.2.6.7 and below; versions 3.2.6.8 and above (patched at 3.2.7) are not affected.

CVSS provenance

NVD, CVSS v3.1: 8.8 HIGH, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 6.5 MEDIUM, vector AV:N/AC:L/Au:S/C:P/I:P/A:P