CVE-2024-31241 — SQL Injection in Learnpress Export Import

CWE-89 — SQL Injection3 documents3 sources

Severity

7.6HIGHNVD

EPSS

0.2%

top 57.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Thimpress Learnpress Export Import

Timeline

PublishedApr 7

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:LExploitability: 2.3 | Impact: 4.7

Affected Packages1 packages

▶CVEListV5thimpress/learnpress_export_importn/a — 4.0.3

🔴Vulnerability Details

CVEList

WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability↗2024-04-07

▶

GHSA

GHSA-c7ff-hjxw-jhqv: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import↗2024-04-07

▶