CVE-2024-4444

5.3 MEDIUM

📋 TL;DR

This vulnerability lets unauthenticated attackers bypass the WordPress 'Anyone can register' setting through the LearnPress checkout flow, creating accounts that receive the site's default role even when registration is disabled. It affects WordPress sites running LearnPress versions up to and including 4.2.6.5.

💻 Affected Systems

Products:
  • LearnPress - WordPress LMS Plugin
Versions: Up to and including 4.2.6.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The missing registration check is present in every installation of an affected version. It only amounts to a bypass on sites where 'Anyone can register' (Settings > General) is off; sites with registration on already allow account creation.

📦 What is this software?

LearnPress is a learning management system (LMS) plugin for WordPress. Course purchase and enrollment go through its checkout flow, which can create a WordPress account for the buyer; that account-creation step in checkout is where this bug lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

If the site's 'New User Default Role' (Settings > General) is Administrator, the attacker's self-registered account is an administrator with full control of the WordPress site.

🟠 Likely Case

Attackers create subscriber- or author-level accounts to post spam, reach content gated behind login, or hold an authenticated foothold for attacks that need a logged-in user.

🟢 If Mitigated

If the default role is a low-privilege one and new registrations are monitored, impact is limited to unwanted low-privilege accounts that still have to be found and removed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is a crafted POST to the LearnPress checkout endpoint from a logged-out session; no credentials or user interaction are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.6.6 or later

Vendor Advisory (fix changeset on plugins.trac): https://plugins.trac.wordpress.org/changeset/3082204/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the LearnPress plugin.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable LearnPress Checkout

Platform: all

Temporarily disable LearnPress checkout functionality to prevent exploitation. This also blocks legitimate course purchases, so it is a stop-gap until the update is applied.

Add to wp-config.php: define('LP_DISABLE_CHECKOUT', true);

Caveat: LP_DISABLE_CHECKOUT is not a constant documented by LearnPress. Confirm that your installed version actually honours it (search the plugin source for the name) before relying on it; if it does not, fall back to the WAF rule below or to updating.

Web Application Firewall Rule

Platform: all

Block POSTs to the LearnPress checkout endpoint that carry the account-creation parameter.

WAF rule to block: POST requests to /checkout containing the 'create_account' parameter.

Caveat: /checkout is the slug of whatever page LearnPress is configured to use as its checkout page, so match your site's actual slug (and the REST route /wp-json/lp/v1/checkout if it is exposed) rather than the literal string. Only apply the rule on sites where 'Anyone can register' is off; where registration is on, legitimate buyers send the same parameter.

🧯 If You Can't Patch

  • Set the default user role to the lowest possible privilege (Subscriber); this limits what a rogue account can do, not whether it is created
  • Rate-limit the checkout endpoint and monitor for suspicious registration attempts; review the Users list for accounts created while registration is off

🔍 How to Verify

Check if Vulnerable:

Check LearnPress plugin version in WordPress admin > Plugins > Installed Plugins

Check Version:

wp plugin list --name=learnpress --field=version

Verify Fix Applied:

Confirm the installed version is 4.2.6.6 or later. Then, with 'Anyone can register' turned off under Settings > General, go through the checkout flow as a logged-out visitor and confirm that no new account appears under Users.
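As an added example (not from this advisory or the LearnPress project), a small Python check that reads the plugin's Version header and compares it numerically against the fix release, so that a later build such as 4.2.6.10 is not misread as older than 4.2.6.6 the way a plain string comparison would. The header text below is constructed for the example; the file path wp-content/plugins/learnpress/learnpress.php and the WP-CLI form `wp plugin get learnpress --field=version` are assumptions about a typical install.

```python
"""Decide whether an installed LearnPress build falls in the range affected by
CVE-2024-4444 (<= 4.2.6.5; fixed in 4.2.6.6).

Added example for this advisory, not LearnPress code. The plugin header below is
a constructed stand-in for the top of learnpress.php (assumed path); on a real
site pass in that file's contents, or call is_vulnerable() on the string from
`wp plugin get learnpress --field=version`.
"""
import re

FIXED_VERSION = "4.2.6.6"

# WordPress plugin headers carry a line like " * Version: 4.2.6.5" in the top comment.
VERSION_HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)


def parse_version(version: str) -> tuple:
    """Split '4.2.6.5' into (4, 2, 6, 5) so each segment compares as an integer.
    A plain string comparison ranks '4.2.6.10' below '4.2.6.6' and would report a
    patched site as vulnerable; tuple comparison gets it right."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)      # tolerate suffixes such as '6-beta1'
        if not m:
            break
        parts.append(int(m.group(0)))
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is strictly older than the release that shipped the fix."""
    return parse_version(version) < parse_version(fixed)


def version_from_plugin_header(header_text: str) -> str:
    """Extract the Version: field from a WordPress plugin file header."""
    m = VERSION_HEADER_RE.search(header_text)
    if not m:
        raise ValueError("no 'Version:' line found in plugin header")
    return m.group(1)


# Constructed sample of a plugin header, not the real contents of learnpress.php.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: LearnPress
 * Plugin URI: https://wordpress.org/plugins/learnpress/
 * Version: 4.2.6.5
 * Requires at least: 6.0
 */
"""


def check_header(header_text: str = SAMPLE_PLUGIN_HEADER) -> dict:
    """Report installed vs fixed version and the verdict for one plugin header."""
    installed = version_from_plugin_header(header_text)
    return {"installed": installed, "fixed": FIXED_VERSION,
            "vulnerable": is_vulnerable(installed)}


if __name__ == "__main__":
    print(check_header())
    # Why numeric comparison matters: string order says '4.2.6.10' < '4.2.6.6'.
    print("string compare says older:", "4.2.6.10" < "4.2.6.6",
          "| numeric check says vulnerable:", is_vulnerable("4.2.6.10"))
```

Run it against every site in a fleet by feeding each plugin header (or WP-CLI version string) to is_vulnerable(); anything that returns True is still on an affected build.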

📡 Detection & Monitoring

Log Indicators:

  • Multiple user registrations from the same IP
  • Registrations occurring while 'Anyone can register' is off
  • POST requests to /checkout carrying the create_account parameter

Network Indicators:

  • Unusual POST requests to checkout endpoint from unauthenticated sources

SIEM Query:

source="wordpress" AND (uri_path="/checkout" OR uri_path="/wp-json/lp/v1/checkout") AND http_method="POST" AND user_agent!="WordPress/*"

Splunk-style query; field names depend on your log source. The user_agent clause drops WordPress's own loopback requests (cron, site health), whose user agent starts with "WordPress/". Adjust uri_path to your configured checkout slug, and treat a burst of hits from one IP as the strongest signal, since a single POST is also what a legitimate buyer sends.
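Added example (not from this advisory or LearnPress) of the detection logic above run over constructed log lines and a constructed user export. It combines the two indicators listed: a burst of POSTs to the checkout path from one IP, and accounts created while 'Anyone can register' is off that have a checkout POST shortly before them. Assumptions not taken from the page: the checkout slug is /checkout or /lp-checkout, the REST route is /wp-json/lp/v1/checkout, the logs are in Apache/nginx combined format, and the user list comes from `wp user list --fields=user_login,user_registered --format=csv` (WordPress stores user_registered in UTC).

```python
"""Detection for CVE-2024-4444-style registration bypass over constructed data.
Added example for this advisory, not LearnPress code.

Signals: (1) a burst of checkout POSTs from one IP; (2) accounts created while
'Anyone can register' is off, paired with the checkout POST that preceded them.
Assumed (not from the advisory): checkout slug /checkout or /lp-checkout, REST
route /wp-json/lp/v1/checkout, combined-format logs, user list exported with
`wp user list --fields=user_login,user_registered --format=csv` (UTC timestamps).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

CHECKOUT_PATHS = {"/checkout", "/lp-checkout", "/wp-json/lp/v1/checkout"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def parse_access_log(lines):
    """Parse combined-format lines into dicts; lines that do not parse are skipped."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["path"] = e["path"].split("?", 1)[0].rstrip("/") or "/"   # normalise slug
        entries.append(e)
    return entries


def is_checkout_post(entry):
    return entry["method"] == "POST" and entry["path"] in CHECKOUT_PATHS


def burst_offenders(entries, threshold=3, window=timedelta(minutes=5)):
    """IPs that sent at least `threshold` checkout POSTs inside any `window` span."""
    by_ip = defaultdict(list)
    for e in entries:
        if is_checkout_post(e):
            by_ip[e["ip"]].append(e["ts"])
    offenders = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                offenders[ip] = len(times)   # total checkout POSTs seen from this IP
                break
    return offenders


def suspicious_registrations(users, entries, users_can_register,
                             slack=timedelta(seconds=60)):
    """Accounts created while registration was off, each with the source IP of a
    checkout POST in the `slack` before the registration, or None. Admin-created
    accounts also appear here (checkout_ip None), which is why the pairing matters."""
    if users_can_register:
        return []        # registration is allowed, so new accounts are expected
    posts = sorted((e["ts"], e["ip"]) for e in entries if is_checkout_post(e))
    findings = []
    for u in users:
        reg = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        reg = reg.replace(tzinfo=timezone.utc)
        src = next((ip for ts, ip in reversed(posts) if reg - slack <= ts <= reg), None)
        findings.append({"user_login": u["user_login"],
                         "registered": reg.isoformat(), "checkout_ip": src})
    return findings


# Constructed sample data: not real traffic, hosts or users.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2024:10:01:02 +0000] "POST /checkout/ HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/May/2024:10:01:09 +0000] "POST /checkout/ HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/May/2024:10:01:15 +0000] "POST /checkout/ HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/May/2024:10:01:22 +0000] "POST /wp-json/lp/v1/checkout HTTP/1.1" 200 118 "-" "python-requests/2.31"',
    '198.51.100.5 - - [10/May/2024:10:03:40 +0000] "GET /courses/ HTTP/1.1" 200 9211 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [10/May/2024:10:05:01 +0000] "POST /checkout/ HTTP/1.1" 302 0 "https://example.test/courses/intro/" "Mozilla/5.0"',
    'garbage line that does not parse',
]
SAMPLE_USERS = [
    {"user_login": "jane", "user_registered": "2024-05-09 09:00:00"},   # added by an admin
    {"user_login": "qx81", "user_registered": "2024-05-10 10:01:03"},
    {"user_login": "qx82", "user_registered": "2024-05-10 10:01:10"},
    {"user_login": "qx83", "user_registered": "2024-05-10 10:01:16"},
    {"user_login": "qx84", "user_registered": "2024-05-10 10:01:23"},
]

if __name__ == "__main__":
    entries = parse_access_log(SAMPLE_LOG)
    print("burst offenders:", burst_offenders(entries))
    for f in suspicious_registrations(SAMPLE_USERS, entries, users_can_register=False):
        print(f)
```

Every account created while registration is off is listed, including ones an administrator added by hand, so the checkout_ip field is what separates abuse from housekeeping. The single legitimate-looking POST from 198.51.100.5 is not a burst and is paired with no account, so it generates nothing; raise the threshold on busy sites.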

🔗 References
