CVE-2024-5483

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails
Configurations

Configuration 1 (hide)

cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*

History

11 Jun 2024, 17:19

Type Values Removed Values Added
Summary
  • (es) El complemento LearnPress – WordPress LMS Plugin para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 4.2.6.8 incluida debido a la implementación incorrecta de la función get_items_permissions_check. Esto hace posible que atacantes no autenticados extraigan información básica sobre los usuarios del sitio web, incluidos sus correos electrónicos.
References () https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8/inc/jwt/rest-api/version1/class-lp-rest-users-v1-controller.php#L130 - () https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8/inc/jwt/rest-api/version1/class-lp-rest-users-v1-controller.php#L130 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/122b75d2-e882-45b9-baf1-acf847f8d60a?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/122b75d2-e882-45b9-baf1-acf847f8d60a?source=cve - Third Party Advisory
First Time Thimpress learnpress
Thimpress
CPE cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
CWE NVD-CWE-noinfo

05 Jun 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-05 03:15

Updated : 2024-06-11 17:19


NVD link : CVE-2024-5483

Mitre link : CVE-2024-5483

CVE.ORG link : CVE-2024-5483


JSON object : View

Products Affected

thimpress

  • learnpress