Vulnerability Details CVE-2020-11511
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html
- https://cwe.mitre.org/data/definitions/862.html
- https://wordpress.org/plugins/learnpress/#developers
- https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress/
- http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html
- https://cwe.mitre.org/data/definitions/862.html
- https://wordpress.org/plugins/learnpress/#developers
- https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress/
Products affected by CVE-2020-11511
-
cpe:2.3:a:thimpress:learnpress:-
-
cpe:2.3:a:thimpress:learnpress:1.0
-
cpe:2.3:a:thimpress:learnpress:2.0.6
-
cpe:2.3:a:thimpress:learnpress:2.0.9
-
cpe:2.3:a:thimpress:learnpress:2.1.0
-
cpe:2.3:a:thimpress:learnpress:2.1.3
-
cpe:2.3:a:thimpress:learnpress:2.1.4
-
cpe:2.3:a:thimpress:learnpress:2.1.5.2
-
cpe:2.3:a:thimpress:learnpress:2.1.5.3
-
cpe:2.3:a:thimpress:learnpress:2.1.6
-
cpe:2.3:a:thimpress:learnpress:2.1.7
-
cpe:2.3:a:thimpress:learnpress:2.1.8
-
cpe:2.3:a:thimpress:learnpress:3.0.0
-
cpe:2.3:a:thimpress:learnpress:3.1.0
-
cpe:2.3:a:thimpress:learnpress:3.2.1
-
cpe:2.3:a:thimpress:learnpress:3.2.2
-
cpe:2.3:a:thimpress:learnpress:3.2.5.2
-
cpe:2.3:a:thimpress:learnpress:3.2.6.5
-
cpe:2.3:a:thimpress:learnpress:3.2.6.7
-
cpe:2.3:a:thimpress:learnpress:3.2.6.8