cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2024-6088

CVE, Research URL

CVE-2024-6088

Published on
Jul 02, 2024
Research Description
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user registration to create a new account with the default role.
Affected versions
Min -, max 4.2.6.8.2.
Status
vulnerable