Description
WordPress Plugin LearnPress-WordPress LMS is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently rename an arbitrary image file. WordPress Plugin LearnPress-WordPress LMS version 4.1.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.1.5 or latest
References
https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/
Related Vulnerabilities
WordPress Plugin WP User Groups Cross-Site Request Forgery (2.0.0)
PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5293)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.17)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-23620)
WordPress Plugin Frontend File Manager Arbitrary File Upload (1.8)