PT-2022-7084 · WordPress · Learnpress

Rafie Muhammad · Published 2022-12-02 · Updated 2023-02-02 · CVE-2022-47615

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
LearnPress – WordPress LMS Plugin versions <= 4.1.7.3.2

Description
The issue is related to a Local File Inclusion vulnerability. It concerns the list_courses() function of the LearnPress plugin in the WordPress content management system. The vulnerability is associated with insufficient restrictions on the directory path name when processing variables such as template_pagination_path, template_path, and template_path_item. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information.

Recommendations
For LearnPress – WordPress LMS Plugin versions <= 4.1.7.3.2, consider disabling the list_courses() function as a temporary workaround until a patch is available. Restrict access to the variables template_pagination_path, template_path, and template_path_item to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-07531
CVE-2022-47615

Affected Products

Learnpress