CVE-2022-45808

CRITICAL EXPLOITED NUCLEI

Thimpress Learnpress < 4.1.7.3.2 - SQL Injection

Title source: rule

Description

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · infoleak
https://github.com/RandomRobbieBF/CVE-2022-45808

Nuclei Templates (1)

LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi
CRITICALVERIFIEDby DhiyaneshDK
Shodan: http.html:"/wp-content/plugins/learnpress"
FOFA: body="/wp-content/plugins/learnpress"

References (2)

Scores

CVSS v3 9.9
EPSS 0.8357
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Exploitation Intel

VulnCheck KEV 2023-01-20

Classification

CWE
CWE-89
Status published

Affected Products (1)

thimpress/learnpress < 4.1.7.3.2

Timeline

Published Jan 26, 2023
Tracked Since Feb 18, 2026