Lucene search
K

204 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.12 views

CVE-2021-24185

The tutorplacerating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students...

6.5CVSS7.3AI score0.01253EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.8 views

CVE-2020-8615

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...

6.5CVSS6.9AI score0.0883EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.8 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS8AI score0.1064EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/02/24 2:49 p.m.9 views

CVE-2025-27353 WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through = 2.6.5...

4.3CVSS8.5AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:27 p.m.14 views

CVE-2022-45820

SQL Injection SQLi vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.1CVSS7.9AI score0.01005EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:52 a.m.25 views

CVE-2024-2411

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

9.8CVSS8AI score0.0154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:17 a.m.9 views

CVE-2024-4902

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

7.2CVSS5.9AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:59 p.m.16 views

CVE-2024-4318

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘questionid’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS7.3AI score0.00511EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.6 views

PT-2025-3902 · WordPress · Sensei Lms

Name of the Vulnerable Software and Affected Versions: Sensei LMS WordPress plugin versions prior to 4.24.4 Description: The issue concerns the inadequate protection of some REST API routes in the Sensei LMS WordPress plugin, allowing unauthenticated attackers to leak information related to sense...

5.3CVSS9.2AI score0.00387EPSS
Exploits1References8
NVD
NVD
added 2025/01/25 8:15 a.m.20 views

CVE-2024-13599

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP...

6.4CVSS0.00295EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/06 1:6 p.m.21 views

CVE-2024-53809 WordPress Namaste! LMS plugin <= 2.6.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through = 2.6.4.1...

4.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2024/11/21 11:15 a.m.58 views

CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.82589EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.23 views

WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to SQL Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10400 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d0515de5a39b Credits mikemyers Required privilege Unauthenticated Publishe...

7.5CVSS7.2AI score0.82589EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/11/09 2:3 a.m.64 views

CVE-2024-9270

CVE-2024-9270 is active in Lenxel Core LMS (Lenxel Core) WordPress plugin prior to 1.2.3, vulnerable to Stored XSS via SVG file uploads due to insufficient input sanitization and output escaping. Affected versions up to 1.1 allow an authenticated attacker (Author+ level) to inject scripts in page...

6.4CVSS7.4AI score0.00337EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.15 views

WordPress Lenxel Core for Lenxel(LNX) LMS Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Lenxel Core for LenxelLNX LMS Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9270 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bea8ca18e070 Credits Francesco...

6.4CVSS5.8AI score0.00337EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/10/29 5:32 a.m.99 views

CVE-2024-10008

CVE-2024-10008 – Masteriyo LMS (WordPress) : Versions up to 1.13.3 are affected. An attacker with student-level access or higher can exploit missing authorization checks on the REST endpoint /wp-json/masteriyo/v1/users/$id to modify arbitrary user roles, enabling privilege escalation to Administr...

8.8CVSS8.6AI score0.00623EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/28 12:0 a.m.17 views

WordPress Masteriyo - LMS Plugin <= 1.13.3 is vulnerable to Cross Site Scripting (XSS)

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.13.3 Fixed in 1.13.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10000 Patch priority Low CVSS severity Low 6.5 Developer Masteriyo PSID 896bb27d11e1 Credits floerer Required privilege...

6.4CVSS5.7AI score0.00257EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/24 7:45 a.m.5 views

WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Namaste! LMS versions = 2.6.2...

6.5CVSS6.1AI score0.00269EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/09/12 9:15 a.m.50 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.11831EPSS
Exploits2References3
Cvelist
Cvelist
added 2024/09/12 8:30 a.m.51 views

CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.11831EPSS
Exploits2References3
Rows per page
Query Builder