Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-6634 — Argument Injection in Learnpress Wordpress LMS Plugin FOR Create AND Sell Online Courses

CWE-88 — Argument Injection CWE-77 — Command Injection5 documents5 sources

Severity

9.8CRITICALNVD

CNA8.1VulnCheck8.1

EPSS

91.3%

top 0.34%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Thimpress Learnpress Wordpress LMS Plugin FOR Create AND Sell Online Courses Thimpress Learnpress

Timeline

PublishedJan 11

Description

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5thimpress/learnpress_wordpress_lms_plugin_for_create_and_sell_online_courses4.2.5.7

▶NVDthimpress/learnpress4.2.5.7

🔴Vulnerability Details

GHSA

GHSA-3jrv-ghj9-h744: The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4↗2024-01-11

▶

CVEList

LearnPress <= 4.2.5.7 - Command Injection↗2024-01-11

▶

VulnCheck

thimpress learnpress Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')↗2023

▶

💥Exploits & PoCs

Nuclei

LearnPress < 4.2.5.8 - Remote Code Execution

▶