Critical Flaws Found in Popular LearnPress LMS Plugin for WordPress
The popular LearnPress – WordPress LMS Plugin, a pivotal tool for creating and managing online courses on WordPress, has been found vulnerable to two severe security flaws. These vulnerabilities could potentially allow both arbitrary file uploads and unauthorized database access, posing significant risks to over 90,000 active installations worldwide.
CVE-2024-4397: Authenticated Arbitrary File Upload
The first vulnerability, CVE-2024-4397, with a CVSS score of 8.8, arises from a lack of proper file type validation in the plugin’s ‘save_post_materials’ function. Attackers with at least Instructor-level access can exploit this flaw to upload arbitrary files, including PHP scripts, to the server. Because the web server will execute such a script if it lands in a web-accessible directory, the flaw can lead to remote code execution and full takeover of the site.
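As an added example (not LearnPress’s own code), the following WordPress AJAX handler shows how an upload of course materials should validate file types. The hook name, nonce action, field name and the allowlist are assumptions; the WordPress functions used (check_ajax_referer, current_user_can, wp_check_filetype_and_ext, wp_handle_upload) are standard core APIs, so this runs inside any WordPress installation. The point is that the decision is made on an allowlist of extension and MIME pairs, checked against the file’s actual content, and never on the name the client supplied.

```php
<?php
// Added example, not plugin code. Assumed hook and nonce names.
add_action( 'wp_ajax_example_save_course_material', 'example_save_course_material' );

function example_save_course_material() {
    // 1. Authorization first: valid nonce and a capability the role actually needs.
    //    'upload_files' is an assumption for the instructor role; adjust to the real one.
    check_ajax_referer( 'example_material_upload', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    if ( empty( $_FILES['material']['tmp_name'] ) ) {
        wp_send_json_error( 'no file received', 400 );
    }
    $file = $_FILES['material'];

    // 2. Allowlist of extension => MIME type. Keys use WordPress's "a|b" syntax.
    //    Anything not listed (php, phtml, phar, htaccess, svg, ...) is refused.
    $allowed = array(
        'pdf'      => 'application/pdf',
        'docx'     => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
        'zip'      => 'application/zip',
        'png'      => 'image/png',
        'jpg|jpeg' => 'image/jpeg',
    );

    // 3. Check the claimed extension against the file's real content (finfo/exif).
    //    A PHP script renamed shell.pdf gets ext/type === false; an image with the
    //    wrong extension comes back with a corrected 'proper_filename'.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // 4. Never reuse the client-supplied name: random basename plus the validated
    //    extension, which also defeats double extensions such as shell.php.pdf.
    $file['name'] = wp_generate_password( 20, false ) . '.' . $check['ext'];

    // 5. wp_handle_upload re-runs the MIME check with the same allowlist and moves
    //    the file into the uploads directory.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'], 'type' => $check['type'] ) );
}
```

Defence in depth for this class of bug is to make the uploads directory non-executable (for example an Apache rule or nginx location block that refuses to run PHP under wp-content/uploads), so that even a validation bypass does not turn into code execution.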
CVE-2024-4434: Unauthenticated Time-Based SQL Injection
The second vulnerability, CVE-2024-4434, rated even more severe at a CVSS score of 9.8, is an unauthenticated time-based SQL injection through the ‘term_id’ parameter. It stems from insufficient escaping of the user-supplied value and from building the SQL query without prepared statements. Because no login is required, any remote attacker can inject into the query and, by measuring response delays, extract sensitive information from the site’s database one bit at a time.
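To make the “insufficient escaping, inadequate preparation” distinction concrete, here is an added example (not LearnPress code) of the vulnerable pattern next to its fix, using the WordPress $wpdb API. The query, the function names and the use of the term_relationships table are assumptions chosen to illustrate the bug class; the payload in the comment is the generic MySQL time-based probe, not a claim about the plugin’s actual exploit.

```php
<?php
// Added example, not plugin code. Both functions take the raw request value,
// e.g. $_GET['term_id'], as $term_id.

// VULNERABLE: esc_sql() only escapes quote characters. In an unquoted numeric
// context the attacker never needs a quote, so
//     term_id=1 AND SLEEP(5)
// is passed through unchanged and the database pauses for 5 seconds. Replacing
// the constant with a condition on table data turns the delay into a
// one-bit-per-request oracle for extracting database contents.
function example_objects_in_term_vulnerable( $term_id ) {
    global $wpdb;
    $sql = "SELECT object_id FROM {$wpdb->term_relationships}"
         . " WHERE term_taxonomy_id = " . esc_sql( $term_id );
    return $wpdb->get_col( $sql );
}

// FIXED: coerce to the type the column has, reject the empty/zero case, and
// bind the value with %d so $wpdb->prepare() emits an integer literal. There is
// no string left for SQL syntax to hide in. This also works for the
// unauthenticated case, where nonce and capability checks are not available.
function example_objects_in_term_safe( $term_id ) {
    global $wpdb;
    $term_id = absint( $term_id );        // "1 AND SLEEP(5)" becomes 1
    if ( 0 === $term_id ) {
        return array();
    }
    $sql = $wpdb->prepare(
        "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id = %d",
        $term_id
    );
    return $wpdb->get_col( $sql );
}

// For string parameters the same rule applies: use %s in prepare(), never
// concatenation, e.g. $wpdb->prepare( "... WHERE slug = %s", $slug ).
```

When checking whether a fix like this is in place, the practical test is timing: a request with a sleep-style payload in the parameter should return as fast as the benign one. Any endpoint whose response time tracks the attacker-chosen delay still interpolates the value.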
The Patches are Ready
The issues were discovered in all versions up to and including 4.2.6.5 of LearnPress. Upon learning about these vulnerabilities, the plugin’s developers promptly addressed them by releasing updates (version 4.2.6.6) that patched these severe security holes. Users of LearnPress are urged to update their installations to the latest version immediately to safeguard their sites from potential exploits.
Recommendations
Website administrators should:
- Immediately update the LearnPress plugin to the latest version.
- Regularly audit and update all WordPress plugins to maintain security integrity.
- Implement strict role-based access controls and review who holds Instructor-level or higher accounts, since the file upload flaw is exploitable from that role.
- Educate users with administrative privileges about the risks of security vulnerabilities.