CVE-2024-11868: LearnPress < 4.2.7.4 - Course Material - Information Disclosure
Vulnerability Description
LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, which lets unauthenticated attackers extract paid course material. Exploitation requires no authentication.

[Publicly disclosed]

id: CVE-2024-11868

info:
  name: LearnPress < 4.2.7.4 - Course Material - Information Disclosure
  author: pussycat0x
  severity: medium
  description: |
    LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can access and extract sensitive paid course content, leading to intellectual property theft and privacy breaches.
  remediation: Update to the latest version beyond 4.2.7.3 or apply security patches provided by the vendor.
  reference:
    - https://wpscan.com/vulnerability/7524ffd8-3506-48f7-89b6-d07b40533756/8
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-11868
    epss-score: 0.06589
    epss-percentile: 0.90974
    cwe-id: CWE-284
  metadata:
    verified: true
    max-request:
Affected Scope
Unknown
Remediation Advice
None at this time