CVE-2023-6567

Confirmed PUBLISHED

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including,...

thimpress · LearnPress – WordPress LMS Plugin

Not yet in CISA KEV

Exploited in the wild · Active exploitation observed · PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence: Confirmed
Exploitation Status: Active exploitation observed
Observed in Sensors: Yes
Attempts (30d): 6
Unique Attacker IPs: 5
CISA KEV: Not yet in CISA KEV
CVSS / EPSS: 9.8 Critical / EPSS 51.4%

At a Glance

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
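The root cause named above (an unescaped, unprepared `order_by` value) is a general ORDER BY injection pattern. The following is an added example, not LearnPress's or any plugin's code: a constructed in-memory SQLite table stands in for a course list, and three variants show the flawed interpolation, why simply binding ORDER BY as a parameter does not fix it (identifiers cannot be bound), and the allowlist check that does.

```python
import sqlite3

# Allowlist of column names the application is willing to sort by (constructed).
ALLOWED_ORDER_BY = {"id", "title", "price"}


def _db() -> sqlite3.Connection:
    # Constructed sample data; not the plugin's real schema.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE course (id INTEGER, title TEXT, price REAL)")
    con.executemany(
        "INSERT INTO course VALUES (?, ?, ?)",
        [(1, "Zeta", 30.0), (2, "Alpha", 10.0), (3, "Mid", 20.0)],
    )
    return con


def titles_vulnerable(order_by: str) -> list[str]:
    # The flaw described above: caller-controlled text is spliced into the SQL
    # string, so whatever it contains is executed as SQL, not treated as data.
    con = _db()
    rows = con.execute(f"SELECT title FROM course ORDER BY {order_by}").fetchall()
    return [r[0] for r in rows]


def titles_bound_wrongly(order_by: str) -> list[str]:
    # Binding ORDER BY as a parameter is not injectable, but it is also not a
    # fix: the engine sorts by a constant string, so every row compares equal
    # and the requested ordering is silently ignored.
    con = _db()
    rows = con.execute("SELECT title FROM course ORDER BY ?", (order_by,)).fetchall()
    return [r[0] for r in rows]


def titles_hardened(order_by: str, direction: str = "ASC") -> list[str]:
    # Identifiers cannot be prepared, so validate against a fixed allowlist and
    # only then interpolate the known-good token (and a known-good direction).
    if order_by not in ALLOWED_ORDER_BY:
        raise ValueError(f"unsupported order_by: {order_by!r}")
    direction = direction.upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError(f"unsupported direction: {direction!r}")
    con = _db()
    rows = con.execute(
        f"SELECT title FROM course ORDER BY {order_by} {direction}"
    ).fetchall()
    return [r[0] for r in rows]
```

For detection, the same allowlist is the useful signal: log and alert on any `order_by` value that is not one of the permitted column names, since a legitimate client never sends one.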

Tags: wordpress, nuclei_scanner
CVE Published: Jan 11, 2024
Exploitation Reported: Jun 12, 2026
CVSS: 9.8 Critical
EPSS: 51.4%
Remote · Low complexity · No user interaction · Unauthenticated

Affected Versions

Vendor      Product                             Version            Status
thimpress   LearnPress – WordPress LMS Plugin   * to <= 4.2.5.7    Affected

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.