- Description
- The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-284
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
CVE-2024-11868 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-… https://t.co/j5BQKXWPOr
@CVEnew
10 Dec 2024
335 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11868 Sensitive Info Exposure in LearnPress WordPress Plugin (All Versions ≤ 4.2.7.3) The LearnPress – WordPress LMS Plugin for WordPress has a vulnerability called Sensitive Information Exposure. All ve... https://t.co/pefYnxRbe9
@VulmonFeeds
10 Dec 2024
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A CVE of mine CVE-2024-11868 (CVSS:3.1 5.3 Medium) has been released today. You can read more about it at the link below https://t.co/53wb8RXe8r I would be making a full disclosure exclusively on my blog https://t.co/QFO2zb9H61, on the 25th January 2025. Please save the date.
@theabrahack
10 Dec 2024
793 Impressions
2 Retweets
19 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "5A66E6DC-D4F1-4FA9-B8AC-A52905904E3B",
"versionEndExcluding": "4.2.7.4"
}
],
"operator": "OR"
}
]
}
]