CVE-2024-11868
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Dec 10, 2024
CWE ID 284
Summary
CVE-2024-11868 is a vulnerability affecting the LearnPress – WordPress LMS Plugin for WordPress. Versions up to and including 4.2.7.3 of this plugin are vulnerable to Sensitive Information Exposure. This issue is due to a flaw in the class-lp-rest-material-controller.php file, which allows unauthenticated attackers to extract potentially sensitive paid course material. The vulnerability could result in the exposure of valuable information, making it essential for users to update the plugin to a secure version as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share