CVE-2024-8522 — AI Deep Analysis Summary

🚨 **Essence**: Unauthenticated SQL Injection in LearnPress REST API. 💥 **Consequences**: Attackers can extract sensitive DB data, create admin accounts, and gain full system control.…

🛡️ **CWE-89**: SQL Injection. 🔍 **Root Cause**: Insufficient escaping of user-supplied parameters (`c_only_fields`) and lack of prepared statements in existing SQL queries within the REST API endpoint.

🏢 **Vendor**: ThimPress. 📦 **Product**: LearnPress – WordPress LMS Plugin. 📅 **Affected**: Versions **4.2.7 and earlier**. 🌐 **Platform**: WordPress sites using this plugin.

🕵️ **Privileges**: Unauthenticated access required. 📊 **Data**: Extract sensitive database info. 👑 **Action**: Create new admin users via SQLi, leading to full website compromise and system access.

⚡ **Threshold**: LOW. 🚫 **Auth**: None required (Unauthenticated). 🌍 **Config**: Remote exploitation via REST API (`/wp-json/learnpress/v1/courses`). Easy to exploit for anyone.

✅ **Yes**. Public POCs available on GitHub (e.g., `realbotnet`, `Avento`). 📜 **Details**: Exploits `c_only_fields` parameter. Nuclei templates also exist for automated scanning. CVSS Score: 10.0.

🔍 **Check**: Scan for LearnPress plugin version ≤ 4.2.7. 🧪 **Test**: Target `/wp-json/learnpress/v1/courses` with SQLi payloads in `c_only_fields`.…

🔧 **Fix**: Upgrade to version **4.2.7.1** or later. 📝 **Patch**: Official changeset 3148560 addresses the escaping and query preparation issues in `class-lp-rest-courses-v1-controller.php`.

🚧 **Workaround**: If patching is delayed, restrict REST API access via WAF rules. 🛑 **Block**: Filter malicious payloads targeting `c_only_fields` in the LearnPress REST endpoint. Disable plugin if not in use.

🔥 **Priority**: CRITICAL. 🚨 **Urgency**: Immediate action required. CVSS 10.0 + Unauthenticated + Public POCs = High risk of active exploitation. Patch immediately to prevent data breach and admin takeover.