CVE-2022-45808
published 2023-01-26

CVE-2022-45808: SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

Priority: P178 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.27% (89.8th percentile)

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| thimpress | learnpress | <= 4.1.7.3.2 | |
| thimpress | learnpress_wordpress_lms_plugin | n/a – 4.1.7.3.2 | |

Detection & IOCs (extracted from sources)

  • Probe payload for SQL injection uses a single-quote character appended to the plugin version parameter, e.g. '6'' — look for anomalous single-quote characters in LearnPress API request bodies.
  • Vulnerability affects LearnPress WordPress LMS Plugin versions up to and including 4.1.7.3.2 only; versions beyond this are not confirmed affected by this CVE.

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.9 · CRITICAL