LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report
Plugin Name: LearnPress – WordPress LMS Plugin
Key Information:
- Software Type: Plugin
- Software Slug: learnpress
- Software Status: Active
- Software Author: thimpress
- Software Downloads: 4,139,739
- Active Installs: 90,000
- Last Updated: April 4, 2024
- Patched Versions: 4.2.6.4, 4.0.1
- Affected Versions: <= 4.2.6.3, <= 4.0.0
Vulnerability 1: Insecure Direct Object Reference
- CVE: CVE-2024-1289
- CVSS Score: 6.5
- Publicly Published: April 4, 2024
- Researcher: drop
- Description: LearnPress is vulnerable to Insecure Direct Object Reference up to version 4.2.6.3, allowing attackers to access order information of other users and guests, potentially enrolling in paid courses for free. User emails are also at risk of exposure.
Vulnerability 2: Authenticated Stored Cross-Site Scripting
- CVE: CVE-2024-1463
- CVSS Score: 4.4
- Publicly Published: April 4, 2024
- Researcher: drop
- Description: Versions up to 4.2.6.3 of LearnPress are susceptible to Stored Cross-Site Scripting via Course, Lesson, and Quiz titles and content due to insufficient sanitization, allowing LP Instructor-level users to execute scripts.
Vulnerability 3: Cross-Site Request Forgery to Privilege Escalation
- CVE: CVE-2024-2115
- CVSS Score: 8.8
- Publicly Published: April 4, 2024
- Researcher: Tim Coen
- Description: LearnPress versions up to 4.0.0 are vulnerable to CSRF, leading to potential privilege escalation by manipulating the
filter_users
function without proper nonce validation.
Summary:
LearnPress, a leading WordPress LMS Plugin, faces multiple vulnerabilities, notably in versions up to 4.2.6.3 and 4.0.0, including Insecure Direct Object Reference, Stored XSS, and CSRF leading to privilege escalation. These vulnerabilities expose users to data theft, unauthorized access, and potential site compromise.
Detailed Overview:
The vulnerabilities, discovered by researchers drop and Tim Coen, underline significant security oversights in input validation, sanitization, and authorization processes within the LearnPress plugin. These flaws not only compromise data integrity and privacy but also undermine the overall security posture of WordPress sites using LearnPress.
Advice for Users:
- Immediate Action: Update to versions 4.2.6.4 or 4.0.1 immediately to mitigate these vulnerabilities.
- Check for Signs of Vulnerability: Regularly audit site activities and logs for any signs of unauthorized access or exploitation.
- Alternate Plugins: Consider other well-vetted WordPress LMS plugins that adhere to rigorous security standards.
- Stay Updated: Ensure all site components, especially plugins, are kept up-to-date to defend against known vulnerabilities.
Conclusion:
The prompt patching of these vulnerabilities by the LearnPress development team highlights the ongoing battle against cyber threats in the WordPress ecosystem. For small business owners and WordPress site administrators, this serves as a critical reminder of the importance of diligent software maintenance and cybersecurity awareness. Proactive security measures, including regular updates and audits, are key to safeguarding digital assets against evolving threats.
References:
Detailed Report:
In an era where online learning platforms are increasingly integral to education, the security of WordPress Learning Management System (LMS) plugins like LearnPress cannot be underestimated. Recent findings have exposed multiple vulnerabilities in the LearnPress plugin, underscoring the paramount importance of keeping web assets updated to safeguard against potential cyber threats.
Plugin Overview:
LearnPress – WordPress LMS Plugin is a cornerstone for many educational websites, boasting over 90,000 active installations. Developed by ThimPress, this plugin facilitates the creation and management of online courses directly within WordPress. Despite its widespread popularity and utility, LearnPress has recently been the subject of security concerns due to vulnerabilities discovered in versions up to 4.2.6.3 and 4.0.0.
Vulnerabilities Detail:
- CVE-2024-1289: An Insecure Direct Object Reference vulnerability, allowing attackers to access sensitive order information of other users and guests. This flaw could enable unauthorized enrollment in paid courses.
- CVE-2024-1463: A Stored Cross-Site Scripting vulnerability found in the Course, Lesson, and Quiz titles and content, posing a risk of arbitrary script execution by attackers with LP Instructor-level access.
- CVE-2024-2115: A Cross-Site Request Forgery vulnerability leading to potential privilege escalation by exploiting insufficient nonce validation in the filter_users functions.
These vulnerabilities highlight critical security oversights in input validation, sanitization, and authorization within LearnPress, potentially compromising data integrity, privacy, and the overall security posture of WordPress sites using this plugin.
Risk and Impact:
The vulnerabilities pose significant risks, from data theft and unauthorized access to potential site compromise. The broad functionality of LearnPress means these vulnerabilities could have wide-reaching implications, affecting not only site owners but also their users.
Remediation:
The LearnPress development team has responded swiftly, releasing patches in versions 4.2.6.4 and 4.0.1 to address these issues. Users are urged to update their installations without delay to protect their sites from potential exploitation.
Previous Vulnerabilities:
This isn't the first time LearnPress has faced security issues; with 27 previous vulnerabilities reported since November 9, 2018, it's clear that continuous vigilance is necessary.
Conclusion:
The recent vulnerabilities in LearnPress serve as a stark reminder of the ever-present risks in the digital landscape. For small business owners and WordPress site administrators, these incidents underscore the critical importance of maintaining updated and secure plugins. In today's fast-evolving cyber threat environment, proactive security measures and informed decisions are paramount in safeguarding online assets and ensuring the trustworthiness of digital platforms. Regular updates, security audits, and staying informed about potential vulnerabilities are essential practices in the ongoing effort to protect digital spaces from emerging threats.
Staying Secure
Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.
Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.
Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.
LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report FAQs
What is Cross-Site Scripting (XSS)?
What is Cross-Site Scripting (XSS)?
Cross-Site Scripting, or XSS, is a type of security vulnerability typically found in web applications. It enables attackers to inject client-side scripts into web pages viewed by other users, potentially allowing unauthorized access to sensitive information or the manipulation of user data.