Vulnerability Details CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
Exploit prediction scoring system (EPSS) score
EPSS Score 0.507
EPSS Ranking 97.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/163536/WordPress-LearnPress-SQL-Injection.html
- https://plugins.trac.wordpress.org/browser/learnpress/trunk/readme.txt?rev=2288975
- https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins/
- https://wordpress.org/plugins/learnpress/#developers
- http://packetstormsecurity.com/files/163536/WordPress-LearnPress-SQL-Injection.html
- https://plugins.trac.wordpress.org/browser/learnpress/trunk/readme.txt?rev=2288975
- https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins/
- https://wordpress.org/plugins/learnpress/#developers
Products affected by CVE-2020-6010
-
cpe:2.3:a:thimpress:learnpress:-
-
cpe:2.3:a:thimpress:learnpress:1.0
-
cpe:2.3:a:thimpress:learnpress:2.0.6
-
cpe:2.3:a:thimpress:learnpress:2.0.9
-
cpe:2.3:a:thimpress:learnpress:2.1.0
-
cpe:2.3:a:thimpress:learnpress:2.1.3
-
cpe:2.3:a:thimpress:learnpress:2.1.4
-
cpe:2.3:a:thimpress:learnpress:2.1.5.2
-
cpe:2.3:a:thimpress:learnpress:2.1.5.3
-
cpe:2.3:a:thimpress:learnpress:2.1.6
-
cpe:2.3:a:thimpress:learnpress:2.1.7
-
cpe:2.3:a:thimpress:learnpress:2.1.8
-
cpe:2.3:a:thimpress:learnpress:3.0.0
-
cpe:2.3:a:thimpress:learnpress:3.1.0
-
cpe:2.3:a:thimpress:learnpress:3.2.1
-
cpe:2.3:a:thimpress:learnpress:3.2.2
-
cpe:2.3:a:thimpress:learnpress:3.2.5.2
-
cpe:2.3:a:thimpress:learnpress:3.2.6.5
-
cpe:2.3:a:thimpress:learnpress:3.2.6.7