CVE-2024-8529

CRITICAL EXPLOITED NUCLEI

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2024-8529 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including RandomRobbieBF, abrahack, Valentin Lobstein, Achref Ben Thameur a.k.a achrefthameur, including a Metasploit module auxiliary/scanner/http/wp_learnpress_c_fields_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2024-8529, an unauthenticated SQL injection vulnerability in the LearnPress WordPress plugin. The exploit leverages the 'c_fields' parameter in the REST API endpoint to perform boolean-based and time-based blind SQL injection attacks.

Description

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Exploits (2)

nomisec WORKING POC 2 stars
by RandomRobbieBF · infoleak
https://github.com/RandomRobbieBF/CVE-2024-8529

This repository contains a proof-of-concept for CVE-2024-8529, an unauthenticated SQL injection vulnerability in the LearnPress WordPress plugin. The exploit leverages the 'c_fields' parameter in the REST API endpoint to perform boolean-based and time-based blind SQL injection attacks.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: LearnPress – WordPress LMS Plugin <= 4.2.7
No auth needed
Prerequisites: Access to the target WordPress site with LearnPress plugin installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by abrahack, Valentin Lobstein, Achref Ben Thameur a.k.a achrefthameur · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_learnpress_c_fields_sqli.rb

This Metasploit module exploits unauthenticated SQL injection vulnerabilities (CVE-2024-8522 and CVE-2024-8529) in the LearnPress WordPress LMS Plugin via the 'c_only_fields' and 'c_fields' parameters. It uses time-based blind SQL injection to extract sensitive information such as user credentials.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: LearnPress WordPress LMS Plugin up to version 4.2.7
No auth needed
Prerequisites: Target running vulnerable LearnPress plugin · Network access to the WordPress site
devstral-2 · analyzed Jun 05, 2026 Full analysis →

Nuclei Templates (1)

LearnPress < 4.2.7.1 - SQL Injection
CRITICALVERIFIEDby ritikchaddha,iacker
FOFA: body="wp-content/plugins/learnpress"

References (3)

Core 3

Scores

CVSS v3 10.0
EPSS 0.1208
EPSS Percentile 95.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-09-12
CWE
CWE-89
Status published
Products (2)
thimpress/learnpress < 4.2.7.1
thimpress/LearnPress – WordPress LMS Plugin for Create and Sell Online Courses < 4.2.7
Published Sep 12, 2024
Tracked Since Feb 18, 2026