Security Advisory

CVE-2022-3360

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-10-31 00:00:00

Last updated 2025-05-06 20:39:30

Assigner WPScan

State PUBLISHED

Description

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function.

← Browse all CVEs View on cve.org ↗