Lucene search
K

204 matches found

Vulnrichment
Vulnrichment
added 2024/06/05 2:34 a.m.21 views

CVE-2024-5483 LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of getitemspermissionscheck function. This makes it possible for unauthenticated attackers to extract basic...

5.3CVSS6.6AI score0.01008EPSS
Exploits0References2
NVD
NVD
added 2024/05/22 6:15 a.m.28 views

CVE-2024-4971

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.4CVSS6.3AI score0.00295EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/22 5:32 a.m.18 views

CVE-2024-4971 LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.4CVSS6.3AI score0.00295EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.18 views

LearnPress – WordPress LMS Plugin < 4.2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.4CVSS6.5AI score0.00295EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.4 views

WordPress plugin LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.5AI score0.02112EPSS
Exploits0References2
CVE
CVE
added 2024/05/16 5:33 a.m.63 views

CVE-2024-4318

CVE-2024-4318 (Tutor LMS – WordPress) is a time-based SQL Injection in Tutor LMS up to and including version 2.7.0 via the question_id parameter, caused by insufficient escaping and improper query preparation. Exploitation is possible by authenticated users with Instructor-level permissions and h...

8.8CVSS7.1AI score0.00511EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/05/16 12:0 a.m.15 views

WordPress Tutor LMS Plugin <= 2.7.0 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4223 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 86348e33f1ae Credits villu164 Required privilege...

9.8CVSS6.5AI score0.00517EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/14 3:43 p.m.24 views

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'createaccount' function in the checkout. This makes it possible for unauthenticated attackers to register as the...

6.5CVSS5.7AI score0.00712EPSS
Exploits1References4
NVD
NVD
added 2024/05/14 3:43 p.m.31 views

CVE-2024-4397

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...

8.8CVSS8.9AI score0.01025EPSS
Exploits0References3
CVE
CVE
added 2024/05/10 9:32 a.m.57 views

CVE-2024-4277

CVE-2024-4277 affects LearnPress – WordPress LMS Plugin. Affected: all WordPress versions up to and including 4.2.6.5. Root cause: insufficient input sanitization and output escaping in the layout_html parameter. Impact: authenticated attackers with contributor-level access can store scripts that...

6.4CVSS5.7AI score0.0034EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/10 9:32 a.m.18 views

CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouthtml’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/10 8:32 a.m.116 views

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'createaccount' function in the checkout. This makes it possible for unauthenticated attackers to register as the...

5.3CVSS5.9AI score0.00712EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/05/10 8:32 a.m.26 views

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'createaccount' function in the checkout. This makes it possible for unauthenticated attackers to register as the...

5.3CVSS6.8AI score0.00712EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.33 views

CVE-2024-4397 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...

8.8CVSS9.1AI score0.01025EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/05/09 12:0 a.m.23 views

LearnPress – WordPress LMS Plugin < 4.2.6.6 - Authenticated (Instructor+) Arbitrary File Upload

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-lev...

8.8CVSS7.9AI score0.01025EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/09 12:0 a.m.26 views

LearnPress – WordPress LMS Plugin < 4.2.6.6 - Unauthenticated Time-Based SQL Injection

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS9.6AI score0.36925EPSS
Exploits2References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/04/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-33939

The Masteriyo LMS Plugin for WordPress is vulnerable to an insecure direct object reference that could allow unauthenticated adversaries to view other users course progress. Versions up to and including 1.7.3 are vulnerable via the REST API...

5.3CVSS5.7AI score0.00843EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.8 views

The vulnerability of the tutor_delete_announcement() function in the Tutor LMS plugin for WordPress content management system allows a user to elevate their privileges.

The vulnerability of the tutordeleteannouncement function in the Tutor LMS content management system for WordPress is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

5.5CVSS7.7AI score0.00428EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.6 views

The vulnerability of the hide_notices() function in the Tutor LMS plugin for WordPress content management system allows a violator to gain access to read and modify data.

The vulnerability of the hidenotices function in the Tutor LMS plugin for WordPress-related content management systems is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to and modify data...

6.5CVSS5.5AI score0.00466EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2024/04/30 12:0 a.m.10 views

WordPress Masteriyo - LMS Plugin <= 1.7.3 is vulnerable to Broken Authentication

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-33939 Patch priority Medium CVSS severity Medium 5.3 Developer Masteriyo PSID ce37ea579b31 Credits Steven Julian Required privilege...

6.6AI score0.00843EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder