CVE-2022-0377

MEDIUM

LearnPress <4.1.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-0377. PoCs published by Ceylan BOZOĞULLARINDAN.

AI-analyzed exploit summary This exploit demonstrates an arbitrary image renaming vulnerability in WordPress Plugin Learnpress 4.1.4.1, allowing an authenticated attacker to rename arbitrary image files by manipulating the `lp-user-avatar-crop[name]` parameter in a POST request.

Description

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.

Exploits (1)

exploitdb WORKING POC

by Ceylan BOZOĞULLARINDAN · textwebappsphp

https://www.exploit-db.com/exploits/50706

View Code ZIP pw:eip

This exploit demonstrates an arbitrary image renaming vulnerability in WordPress Plugin Learnpress 4.1.4.1, allowing an authenticated attacker to rename arbitrary image files by manipulating the `lp-user-avatar-crop[name]` parameter in a POST request.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Learnpress 4.1.4.1

Auth required

Prerequisites: Authenticated user access to the LearnPress profile page · Ability to intercept and modify HTTP requests

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26

Exploit, Third Party Advisory

https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/

Patch, Third Party Advisory

https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf

View Patch ZIP pw:eip

Scores

CVSS v3 4.3

EPSS 0.0321

EPSS Percentile 86.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-327

Status published

Products (1)

thimpress/learnpress < 4.1.5

Published Feb 28, 2022

Tracked Since Feb 18, 2026