Vulnerability in Learnpress Wordpress Plugin
CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
EPSS: 0.502 (98.8th percentile) — read the EPSS interpretation.
Affected products
- N/a Learnpress Wordpress Plugin — versions <= 3.2.6.7
Public proof-of-concept exploits
References
- wordpress.org/plugins/learnpress/ (x_refsource_MISC)
- plugins.trac.wordpress.org/browser/learnpress/trunk/readme.txt (x_refsource_MISC)
- research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vul… (x_refsource_MISC)
- packetstormsecurity.com/files/163536/WordPress-LearnPress-SQL-Injection.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-6010?
- CVE-2020-6010 is a vulnerability in Learnpress Wordpress Plugin. Published 2020-04-30.
- Is CVE-2020-6010 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.