PT-2024-4517 · WordPress · Learnpress

Hir0Ot +1 · Published 2024-01-03 · Updated 2025-06-03 · CVE-2023-6634

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LearnPress plugin for WordPress versions up to, and including, 4.2.5.7

Description

The LearnPress plugin for WordPress is vulnerable to command injection in all versions up to, and including, 4.2.5.7. The vulnerability is due to the plugin's use of the call_user_func function with user input through the get_content function. As a result, unauthenticated attackers can execute any public function with one parameter, potentially leading to remote code execution.

Recommendations

Update installations running 4.2.5.7 or earlier to a version later than 4.2.5.7 to resolve the issue. As a temporary workaround, consider disabling the get_content function until a patch is available. Restrict access to the call_user_func function to minimize the risk of exploitation.
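The pattern named in the description, next to an allowlisted form of the same dispatch. This is an added example, not LearnPress code or its actual fix: the handler names, the request array shape and the sample requests are all hypothetical.

```php
<?php
// Hypothetical handlers for this example; not LearnPress functions.
function render_course_title(string $id): string { return 'Course #' . (int) $id; }
function render_lesson_count(string $id): string { return 'Lessons in course ' . (int) $id; }

// Unsafe pattern from the description: the request names the callable,
// so any public one-parameter function becomes reachable by the caller.
function dispatch_unsafe(array $request): mixed
{
    return call_user_func($request['callback'], $request['arg']);
}

// Hardened pattern: the request supplies a key, the server owns the mapping.
const ALLOWED_RENDERERS = [
    'title'   => 'render_course_title',
    'lessons' => 'render_lesson_count',
];

function dispatch_safe(array $request): string
{
    $key = $request['callback'] ?? '';
    $arg = $request['arg'] ?? '';
    if (!is_string($key) || !is_string($arg)) {
        throw new InvalidArgumentException('callback and arg must be strings');
    }
    if (!array_key_exists($key, ALLOWED_RENDERERS)) {
        throw new InvalidArgumentException('callback not permitted');
    }
    if (!ctype_digit($arg)) {
        throw new InvalidArgumentException('arg must be a numeric id');
    }
    return call_user_func(ALLOWED_RENDERERS[$key], $arg);
}

// Constructed sample requests: one valid, one unlisted callable, one bad argument.
$samples = [
    ['callback' => 'title', 'arg' => '42'],
    ['callback' => 'strtoupper', 'arg' => '1'],
    ['callback' => 'lessons', 'arg' => '7; x'],
];
foreach ($samples as $req) {
    try {
        echo dispatch_safe($req), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first sample reaches a handler. The second is refused because its name is not a key in the server-side map, even though strtoupper is an existing one-parameter function.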

Exploit

Fix

RCE

Argument Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-05021
CVE-2023-6634

Affected Products

Learnpress