Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-45808: SQL Injection in Learnpress Wordpress LMS Plugin

CWE-89: SQL Injection | 5 documents | 5 sources
Severity
NVD: 9.8 CRITICAL
CNA: 9.9 | VulnCheck: 9.9
EPSS
83.6% (top 0.71%)
CISA KEV
Not in KEV
Exploit
PoC available (public exploit / PoC exists)
Timeline
Published: Jan 26
Latest update: Jul 6

Description

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | thimpress/learnpress_wordpress_lms_plugin | n/a | 4.1.7.3.2
NVD | thimpress/learnpress | 4.1.7.3.2

🔴 Vulnerability Details (3)

GHSA
GHSA-m33h-m49h-9cf4: SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4 | 2023-07-06
CVEList
WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection | 2023-01-24
VulnCheck
thimpress learnpress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2022

💥 Exploits & PoCs (1)

Nuclei
LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi
CVE-2022-45808 — SQL Injection | cvebase