CVE-2024-11868 Scanner
CVE-2024-11868 Scanner - Information Disclosure vulnerability in LearnPress
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 1 hour
Scan only one: URL
Toolbox
LearnPress is a WordPress Learning Management System (LMS) plugin widely used by educational platforms to create and manage online courses. It is used by schools, universities, and educators to facilitate e-learning experiences. The software allows instructors to publish educational materials, track student progress, and manage course enrollments. Typically, users interact with LearnPress through its web interface integrated into WordPress sites. Educational institutions opt for LearnPress due to its comprehensive features, ease of use, and flexibility. The plugin supports both free and paid courses, with paid materials particularly at risk of exposure.
The vulnerability in LearnPress is a sensitive information disclosure caused by insecure handling of course materials. Because the plugin does not enforce access restrictions on certain resources, they are available to anyone who knows how to reach the endpoints, and unauthorized users can access and extract paid course content without authentication. This flaw can lead to intellectual property theft, where valuable educational content is extracted without permission, and it compromises the privacy of educational content.
Technically, this vulnerability arises from improper access control in the class-lp-rest-material-controller.php file. The vulnerable endpoint is accessible at '/wp-json/lp/v1/material/item-materials/1' and exposes sensitive content because the plugin fails to validate user privileges before serving course material. The 'file_name' parameter involved in the request plays a crucial role, as it allows extraction of course files. Attackers can send crafted HTTP GET requests to this endpoint to retrieve the sensitive data that this vulnerability exposes.
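The following is an added example, not code from the scanner or from LearnPress: it triages a web server access log for successful GET requests to the material endpoint named above and lists the clients that fetched several distinct items, as a starting point for review. It assumes combined log format and a numeric item ID in place of the `1`; the function names and sample log lines are constructed, and because access logs do not record login state, enrolled students will also appear.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Route taken from the text above; a numeric item ID in place of "1" is an assumption.
ROUTE = re.compile(r"^/lp/v1/material/item-materials/(\d+)/?$")
# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

def material_item(target):
    """Return the item ID if the request target hits the material route, else None."""
    parts = urlsplit(target)
    idx = parts.path.find("/wp-json/")
    if idx != -1:
        route = parts.path[idx + len("/wp-json"):]
    else:
        # WordPress also serves REST routes through ?rest_route= (plain permalinks).
        route = parse_qs(parts.query).get("rest_route", [""])[0]
    m = ROUTE.match(route)
    return m.group(1) if m else None

def summarize(lines, min_items=2):
    """Map client IP -> sorted item IDs fetched with GET/200, for clients with >= min_items IDs."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, target, status, _size = m.groups()
        item = material_item(target)
        if method == "GET" and status == "200" and item:
            seen[ip].add(int(item))
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_items}

# Constructed sample log lines (documentation IP ranges), not from a real site.
SAMPLE = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-json/lp/v1/material/item-materials/1 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-json/lp/v1/material/item-materials/2 HTTP/1.1" 200 498 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:03 +0000] "GET /?rest_route=%2Flp%2Fv1%2Fmaterial%2Fitem-materials%2F3 HTTP/1.1" 200 530 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jan/2025:10:05:00 +0000] "GET /wp-json/lp/v1/material/item-materials/1 HTTP/1.1" 401 120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2025:10:06:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2025:10:07:00 +0000] "GET /wp-json/lp/v1/material/item-materials/4 HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ids in summarize(SAMPLE).items():
        print(f"{ip} fetched material items {ids}")
```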
If exploited, this vulnerability can lead to significant consequences for affected parties. Educational institutions might face unauthorized distribution of proprietary content, resulting in financial losses. Furthermore, the privacy of students and educators may be breached as confidential information becomes accessible to unauthorized parties. Exploitation could also damage the reputations of institutions that rely on the security of their learning platforms. Consequently, it is vital for administrators to address this weakness promptly to safeguard educational materials and prevent unauthorized data access.