26 Jan 2024

Catching a Future Vulnerability in a WordPress Plugin With Our Plugin Security Checker

One of the tools we have to help make WordPress plugins more secure is our Plugin Security Checker, which flags possible security issues in WordPress plugins. From time to time, we spot check the results of plugins from the WordPress Plugin Directory being run through it, to limit the mistakes it might make. Through that, we saw that the 90,000+ install plugin LearnPress had insecure code that could lead to reflected cross-site scripting (XSS), because user input was being output without escaping it:

[Read more]

17 Jan 2024

Hacker Targeting Vulnerability Fixed in WordPress Plugin LearnPress Late Last Month

On Monday, our Plugin Vulnerabilities Firewall plugin blocked a couple of exploit attempts on our website for which we didn’t already have data identifying the WordPress plugin being targeted. In investigating that, we found they were attempts to exploit a remote code execution (RCE) vulnerability in the 90,000+ install WordPress plugin LearnPress, which was fixed on December 25 in version 4.2.5.8. The developer disclosed that there was a security fix in that version, but barely: one of the changelog entries for that version reads “Fixed: security.” The vulnerability allows an attacker to run arbitrary PHP code on the website.

This may be connected to CVE-2023-6634, though the record for it is lacking the information needed to be sure of that. If it is connected to that, the CVE Record is wrong, as it says “all versions up to, and including, 4.2.5.7” are vulnerable, but the code attempted to be exploited was added in 4.2.5.7. [Read more]

28 Oct 2022

Not Really a WordPress Plugin Vulnerability, Week of October 28

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find reports of things that don’t appear to be vulnerabilities. For the more problematic reports, we release posts detailing why the vulnerability reports are false, but there have been a lot of them that we haven’t felt rose to that level. In particular, there are items that are not outright false; the issue is just more accurately described as a bug. For those that don’t rise to the level of getting their own post, we now place them in a weekly post when we come across them.

PHP Object Injection in LearnPress

Automattic’s WPScan claimed a PHP object injection vulnerability had existed in LearnPress. The proof of concept provided doesn’t work, despite their claim to have verified it. The description of the claimed vulnerability explains why that is, without acknowledging that the proof of concept doesn’t work. They wrote this: [Read more]

21 Dec 2018

Our Plugin Security Checker Led to Finding a File Writing Vulnerability in a WordPress Plugin with 50,000+ Installs

Yesterday we detailed an arbitrary file upload vulnerability we had noticed had previously been in the plugin LearnPress. We noticed it through a check being run over changes being made to WordPress plugins as part of our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, to see if that check might be something we could add to our Plugin Security Checker, a tool that allows anyone to see if there are possible security issues in plugins that could use further investigation. After finding that the check identified that issue in LearnPress, we added it to the Plugin Security Checker and then ran the plugin through the tool to make sure the check was properly implemented. When we did that, we found that the tool was flagging a number of other possible issues. We happened to take a look at one of those issues and found that the plugin allows writing arbitrary content to a file, which could be combined with, say, a local file inclusion (LFI) vulnerability to cause malicious code to run.

This vulnerability is yet another good example of where our Plugin Security Checker, combined with someone knowledgeable about security reviewing its results, can come in handy, as the vulnerability has existed in the plugin since the first version, which was released three and a half years ago. If you are a paying customer of our service, you can suggest/vote for plugins to receive a security review that includes checking over any issue identified by the tool, or you can order the same type of review separately, which will also include reviewing the results of the tool. [Read more]

20 Dec 2018

Vulnerability Details: Arbitrary File Upload In LearnPress

Recently we improved the software used as part of our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, so that it functions more similarly to our Plugin Security Checker. That now allows us to test out possible additions to the Plugin Security Checker before implementing them in something that is accessible to others. Through a new check we were testing out (and have now implemented in the Plugin Security Checker), code in the plugin LearnPress was flagged as possibly having an arbitrary file upload vulnerability. In looking into that, we found that while the code is vulnerable, it is no longer run by the plugin, so it can’t be exploited directly through the plugin. It is possible, though, that it could be reached through a vulnerability that allows arbitrary PHP functions to run (like a vulnerability we spotted being introduced into another plugin about a month ago).

[Read more]