CVE-2021-24951

Summary

The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues

Affected Software

VendorProductVersion RangeStatus
UnknownLearnPress – WordPress LMS Plugin4.1.4 < 4.1.4affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References