Published:2018/11/09  Last Updated:2018/11/09

JVN#85760090
Multiple vulnerabilities in WordPress plugin "LearnPress"

Overview

WordPress plugin "LearnPress" contains multiple vulnerabilities.

Products Affected

  • LearnPress prior to version 3.1.0

Description

WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below.

  • Cross-site Scripting (CWE-79) - CVE-2018-16173
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Open Redirect (CWE-601) - CVE-2018-16174
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Base Score: 4.7
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • SQL Injection (CWE-89) - CVE-2018-16175
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 7.2
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:P Base Score: 6.5

Impact

  • An arbitrary script may be executed on the logged in user's web browser - CVE-2018-16173
  • Accessing a specially crafted URL may lead a logged in user to be redirected to an arbitrary website, which may result in a phishing attack - CVE-2018-16174
  • A user with an administrative privilege may execute an arbitrary SQL command - CVE-2018-16175

Solution

Update the plugin
Update the plugin according to the information provided by the developer.
 

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Daiki Sueyoshi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University directly reported these vulnerabilities to the developer and coordinated on his own.
After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2018-16173
CVE-2018-16174
CVE-2018-16175
JVN iPedia JVNDB-2018-000117