Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-47615Unrestricted File Upload in Learnpress

CWE-434Unrestricted File Upload5 documents5 sources
Severity
9.8CRITICALNVD
CNA9.3VulnCheck9.3
EPSS
83.0%
top 0.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Thimpress LearnpressThimpress Learnpress Wordpress LMS Plugin
Timeline
PublishedJan 26
Latest updateJul 6

Description

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5thimpress/learnpress_wordpress_lms_pluginn/a4.1.7.3.2

Patches

Patch: patchstack.comPatch: patchstack.com

🔴Vulnerability Details

3
GHSA
GHSA-wr5x-fcf4-h5qm: Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 42023-07-06
CVEList
WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion2023-01-24
VulnCheck
thimpress learnpress Unrestricted Upload of File with Dangerous Type2022

💥Exploits & PoCs

1
Nuclei
LearnPress Plugin < 4.2.0 - Local File Inclusion
CVE-2022-47615 — Unrestricted File Upload in Learnpress | cvebase