Description
WordPress Plugin WP Learn Manager is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create/edit arbitrary User Fields. WordPress Plugin WP Learn Manager version 1.1.4 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 1.1.5 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:56031D26-4B15-47D7-9FA3-135299D591DA
https://plugins.svn.wordpress.org/learn-manager/trunk/readme.txt
Related Vulnerabilities
Joomla Improper Input Validation Vulnerability (CVE-2021-26029)
Contao Improper Input Validation Vulnerability (CVE-2020-25768)
Caddy Web Server Improper Authentication Vulnerability (CVE-2026-30851)
phpMyAdmin Other Vulnerability (CVE-2006-1803)
phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)