Description
WordPress Plugin LearnPress-WordPress LMS is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently rename an arbitrary image file. WordPress Plugin LearnPress-WordPress LMS version 4.1.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.1.5 or latest
References
https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/
Related Vulnerabilities
WordPress Plugin WTI Like Post Cross-Site Scripting (1.4.4)
WordPress Plugin Galleries by Angie Makes Cross-Site Scripting (1.67)
WordPress Plugin Image Slider Cross-Site Request Forgery (1.1.121)
IBMHttpServer Other Vulnerability (CVE-2001-0122)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-38268)