cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2021-24951

CVE, Research URL

CVE-2021-24951

Published on
Dec 13, 2021
Research Description
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues
Affected versions
Min -, max 4.1.5.
Status
vulnerable