CVE-2025-24740
📋 TL;DR
This vulnerability allows attackers to redirect users from a legitimate LearnPress WordPress plugin page to malicious external websites. It affects all WordPress sites using LearnPress plugin versions up to and including 4.2.7.1.
💻 Affected Systems
- ThimPress LearnPress WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.
Likely Case
Attackers use the redirect for phishing campaigns, tricking users into visiting malicious sites that appear legitimate.
If Mitigated
With proper user awareness training and browser security controls, users might recognize suspicious redirects before providing sensitive information.
🎯 Exploit Status
Open redirect vulnerabilities are commonly exploited in phishing campaigns and require minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2.7.2 or later
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/learnpress/vulnerability/wordpress-learnpress-plugin-4-2-7-1-open-redirection-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find LearnPress and click 'Update Now'. 4. Verify update to version 4.2.7.2 or higher.
🔧 Temporary Workarounds
Disable LearnPress Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate learnpress
Web Application Firewall Rule
allBlock redirects to external domains from LearnPress endpoints
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict redirect destinations
- Monitor web server logs for suspicious redirect patterns and block malicious IPs
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > LearnPress version. If version is 4.2.7.1 or lower, system is vulnerable.Check Version:
wp plugin get learnpress --field=versionVerify Fix Applied:
Confirm LearnPress plugin version is 4.2.7.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual redirect patterns in web server access logs
- Multiple requests to LearnPress endpoints with external URL parameters
Network Indicators:
- HTTP 302/301 redirects from LearnPress pages to external domains
- Suspicious referrer headers in traffic
SIEM Query:
source="web_server" AND (url="*learnpress*" AND (status=302 OR status=301) AND destination_domain!=original_domain)