Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5.
AnalysisAI
WP Learn SQL Injection allows unauthenticated attackers to execute arbitrary SQL queries against the WordPress database, exposing all stored data.
Technical ContextAI
The WP Learn plugin by kamleshyadav has a CWE-89 SQL injection vulnerability that allows unauthenticated attackers to inject arbitrary SQL commands through unsanitized input parameters.
Affected ProductsAI
WP Learn WordPress plugin by kamleshyadav
RemediationAI
Remove or update the plugin. Use WordPress security plugins with SQLi protection.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today