CVE-2024-4397: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t
high
vulnerability
security
Summary
LearnPress, a WordPress plugin for learning management systems, has a vulnerability (CVE-2024-4397) in versions up to 4.2.6.5: the 'save_post_materials' function doesn't properly check file types before uploading. As a result, users with instructor-level access or higher could upload malicious files to the server, potentially leading to RCE (remote code execution, where attackers run arbitrary commands on a system they don't own).
Vulnerability Details
CVSS Score
8.8 (high)
EPSS (30-day exploit probability)
EPSS: 14.9%
Classification
Attack Sophistication: Moderate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-4397
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 95%