CVE-2024-11868

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.3

Description The issue concerns Sensitive Information Exposure, allowing unauthenticated attackers to extract potentially sensitive paid course material through the class-lp-rest-material-controller.php file. This makes it possible for attackers to access confidential information without proper authentication.

Recommendations For versions up to, and including, 4.2.7.3, consider updating to a version later than 4.2.7.3 to resolve the issue. As a temporary workaround, consider restricting access to the class-lp-rest-material-controller.php file until a patch is available. Additionally, restrict access to potentially sensitive paid course material to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.