{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50793?format=json","vulnerability_id":"VCID-xf94-a26c-87ej","summary":"The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.","aliases":[{"alias":"CVE-2024-6099"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6099","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25933","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6099"},{"reference_url":"https://plugins.trac.wordpress.org/changeset/3109339/","reference_id":"3109339","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T14:05:58Z/"}],"url":"https://plugins.trac.wordpress.org/changeset/3109339/"},{"reference_url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve","reference_id":"7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T14:05:58Z/"}],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve"},{"reference_url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.1/inc/class-lp-checkout.php#L124","reference_id":"class-lp-checkout.php#L124","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T14:05:58Z/"}],"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.1/inc/class-lp-checkout.php#L124"}],"weaknesses":[{"cwe_id":420,"name":"Unprotected Alternate Channel","description":"The product protects a primary channel, but it does not use the same level of protection for an alternate channel."}],"exploits":[],"severity_range_score":"5.3 - 5.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xf94-a26c-87ej"}