CVE-2024-6099

The LearnPress  WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WordfenceCNA
5.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
thimpresslearnpress
𝑥
< 4.2.6.8.2
𝑥
= Vulnerable software versions
References
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.1/inc/class-lp-checkout.php#L124
https://plugins.trac.wordpress.org/changeset/3109339/
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.1/inc/class-lp-checkout.php#L124
https://plugins.trac.wordpress.org/changeset/3109339/
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve