Lucene search
K

204 matches found

CNNVD
CNNVD
added 2022/08/29 12:0 a.m.6 views

WordPress plugin Sensei LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS6.7AI score0.00645EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2022/08/22 12:0 a.m.12 views

Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 PoC https://example.com/wp-admin/post.php?post=1369=edittab=general'...

0.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/04 12:0 a.m.9 views

Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studen...

4.3CVSS4AI score0.00645EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress "LMS Plugin – eLearning, Online Courses by Attest" plugin <= 1.7.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress "LMS Plugin – eLearning, Online Courses by Attest" plugin versions = 1.7.4. Solution No patched version available...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress "LMS Plugin – eLearning, Online Courses by Attest" plugin <= 1.7.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress "LMS Plugin – eLearning, Online Courses by Attest" plugin versions = 1.7.4. Solution No patched version available...

2.3AI score
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/07 4:15 p.m.5 views

CVE-2021-25029

The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00598EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/10/21 7:38 p.m.30 views

CVE-2021-39348 LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...

5.5CVSS5.1AI score0.05037EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2021/10/19 12:0 a.m.17 views

Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/student-registration/?userlogin="...

6.1CVSS0.1AI score0.00757EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.3 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Tutor LMS plugin in versions prior to 1.9.9 has a cross-site scripting vulnerability, which stems from the plugin's...

4.8CVSS5.6AI score0.00622EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/09/13 5:56 p.m.34 views

CVE-2021-24621 WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues...

5.1AI score0.00617EPSS
Exploits2References1
NVD
NVD
added 2021/08/02 11:15 a.m.8 views

CVE-2021-24504

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any use...

6.1CVSS0.00762EPSS
Exploits2References1
NVD
NVD
added 2021/08/02 11:15 a.m.24 views

CVE-2021-24455

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcements when outputting it in an attribute, which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered...

5.4CVSS0.00747EPSS
Exploits2References1
Prion
Prion
added 2021/08/02 11:15 a.m.12 views

Cross site request forgery (csrf)

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any...

4.3CVSS6AI score0.00762EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/02 12:0 a.m.3 views

PT-2021-16026 · WordPress · Wplms

Name of the Vulnerable Software and Affected Versions: The WP LMS – Best WordPress LMS Plugin versions 1.1.2 and earlier Description: The issue arises from the plugin's failure to properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Additionally, the lack ...

6.1CVSS6AI score0.00762EPSS
Exploits2References5
OSV
OSV
added 2021/05/24 11:15 a.m.15 views

CVE-2021-24308

The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...

5.4CVSS5.3AI score
Exploits0References3
OSV
OSV
added 2021/04/05 7:15 p.m.4 views

CVE-2021-24181

The tutormarkanswerascorrect AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students...

6.5CVSS6.6AI score0.01253EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24182

The tutorquizbuildergetanswersbyquestion AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

6.5CVSS6.7AI score0.01742EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24186

The tutoransweringquizquestion/getanswerbyid function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

6.5CVSS6.7AI score0.01253EPSS
Exploits2References1
OSV
OSV
added 2020/11/12 2:15 p.m.5 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS7.4AI score0.1064EPSS
Exploits2References1
CVE
CVE
added 2020/11/12 1:47 p.m.79 views

CVE-2020-27481

Good Layers LMS Plugin

9.8CVSS9.8AI score0.1064EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder