This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Unauthenticated SQL Injection (SQLi) in LearnPress plugin. **Consequences**: Attackers can extract sensitive database info, compromising data integrity & confidentiality.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: CWE-89 (SQL Injection). **Flaw**: Insufficient escaping of user-supplied parameters & lack of prepared statements in SQL queries.
**Privileges**: Unauthenticated (No login needed). **Data**: Extract sensitive info from the database via the REST API endpoint.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Auth**: None required. **Config**: Exploitable via standard REST API (`/wp-json/lp/v1/courses/archive-course`).
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Exploit**: **YES**. **PoC**: Available on GitHub (RandomRobbieBF) & Nuclei templates. **Wild Exploitation**: Likely due to low barrier.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for LearnPress plugin version ≤ 4.2.7. **Test**: Probe `c_fields` parameter in the archive-course REST API endpoint.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fixed**: **YES**. **Patch**: Upgrade to version **4.2.7.1** or later. **Ref**: WordPress Trac changeset confirms fix.
Q9 What if no patch? (Workaround)
**Workaround**: If unpatched, restrict access to `/wp-json/lp/v1/courses/archive-course` via WAF or firewall rules. Block unauthenticated API calls.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **HIGH**. **Priority**: Critical. CVSS Score implies High Impact. Immediate patching or mitigation required to prevent data breach.
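For the self-check in Q7 and the endpoint restriction in Q9, the following added example (not code from LearnPress or from this analysis) compares the installed version with 4.2.7.1 and triages access-log requests to the archive-course route. It assumes the version is read from the plugin's WordPress header, that a benign `c_fields` value is a plain comma-separated column list, and that logs use the common access-log request format; the header and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

FIXED = (4, 2, 7, 1)  # first fixed release named on this page
ENDPOINT = "/wp-json/lp/v1/courses/archive-course"
VERSION_RE = re.compile(r"^[ \t/*#]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a benign c_fields value is a comma-separated list of column names.
PLAIN_FIELDS = re.compile(r"\w+(?:,\w+)*", re.ASCII)

def header_version(plugin_file_text):
    """Version from a WordPress plugin header as a tuple of ints, or None."""
    m = VERSION_RE.search(plugin_file_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """True for releases before 4.2.7.1, compared numerically, not as strings."""
    return version + (0,) * (len(FIXED) - len(version)) < FIXED

def flag_requests(log_lines):
    """(line number, c_fields value) for endpoint hits with a non-plain c_fields."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        params = parse_qs(url.query, keep_blank_values=True)
        # The same route is reachable as ?rest_route=/lp/v1/... without /wp-json.
        routes = [url.path] + ["/wp-json" + r for r in params.get("rest_route", [])]
        if not any(r.rstrip("/") == ENDPOINT for r in routes):
            continue
        hits += [(n, v) for v in params.get("c_fields", []) if not PLAIN_FIELDS.fullmatch(v)]
    return hits

# Constructed sample data (not taken from a real site).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: LearnPress\n * Version: 4.2.7\n */\n"
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /wp-json/lp/v1/courses/archive-course?c_fields=ID,post_title HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /wp-json/lp/v1/courses/archive-course?c_fields=ID%2C%28constructed%20text%29 HTTP/1.1" 200 9000',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /?rest_route=/lp/v1/courses/archive-course&c_fields=post_title%20x HTTP/1.1" 200 100',
    '198.51.100.2 - - [01/Jan/2025:10:00:12 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    v = header_version(SAMPLE_HEADER)
    print("version", v, "affected" if is_affected(v) else "not affected")
    for n, value in flag_requests(SAMPLE_LOG):
        print(f"log line {n}: unusual c_fields {value!r}")
```

Access logs record only query-string parameters, so a `c_fields` value sent in a request body will not appear in this triage.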