CVE-2024-11868

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 10, 2024
CWE ID 284

Summary

CVE-2024-11868 is a vulnerability affecting the LearnPress – WordPress LMS Plugin for WordPress. Versions up to and including 4.2.7.3 of this plugin are vulnerable to Sensitive Information Exposure. This issue is due to a flaw in the class-lp-rest-material-controller.php file, which allows unauthenticated attackers to extract potentially sensitive paid course material. The vulnerability could result in the exposure of valuable information, making it essential for users to update the plugin to a secure version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share