Описание
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
8.1 High
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.
Уязвимость функции call_user_func плагина LearnPress системы управления содержимым сайта WordPress, позволяющая нарушителю выполнить произвольный код
EPSS
8.1 High
CVSS3
9.8 Critical
CVSS3