Early Access — Mondoo Vulnerability Intelligence is currently in preview.
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the endpoint uses file_id from the URL path but the permission callback validates item_id from the request body. This makes it possible for authenticated attackers, with teacher-level access, to delete arbitrary lesson material files uploaded by other teachers via sending a DELETE request with their own item_id (to pass authorization) while targeting another teacher's file_id.
Exploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:NI:LA:L5.4/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LOther