14 matches found
CVE-2026-31914
The connected PATCHSTACK entry identifies a Cross Site Scripting (XSS) vulnerability in the WordPress WP Courses LMS plugin, versions <= 3.2.26. Vulnerable component: WP Courses LMS plugin; affected version range:
WordPress plugin WP Courses LMS 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2021-24707
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...
WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Training – Courses versions = 2.0.1...
WordPress plugin Sensei Pro (WC Paid Courses) Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Sensei Pro WC Paid Courses versions = 4.23.1.1.23.1...
WordPress Easy Digital Downloads – Courses Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Easy Digital Downloads – Courses Type Plugin Vulnerable versions = 0.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 03375981d3ea Credits Rafie Muhammad...
WordPress Easy Courses Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Easy Courses Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e3ad0b50099b Credits Rafie Muhammad Patchstack Required...
WordPress Easy Digital Downloads – Courses plugin <= 0.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Digital Downloads – Courses plugin versions = 0.1.0. Solution Update the WordPress Easy Digital Downloads – Courses plugin to the latest available version at least 0.1.1...
CVE-2021-24707
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Design/Logic Flaw
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...
CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...
VulnCheck KEV: CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...