CVE-2021-24951

Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions prior to 4.1.4

Description: The issue arises from the lack of sanitization, validation, and escaping of the id parameter in SQL statements when duplicating courses, lessons, quizzes, or questions. This leads to SQL injection issues.

Recommendations: For versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the course/lesson/quiz/question duplication feature until the update is applied.