248 matches found
Sql injection
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...
WordPress LearnPress Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress LearnDash Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
LearnPress < 3.2.6.9 - Authenticated Post Creation and Status Modification
The LearnPress plugin for WordPress allows authenticated remote attackers with minimal permissions to create pages with arbitrary titles, or modify the publication status of any existing page, via the learnpresscreatepage or learnpressupdateorderstatus AJAX actions...
CVE-2020-7916
beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...
CVE-2020-7916
beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...
Authentication flaw
beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...
WordPress plugin LearnPress cross-site scripting vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin LearnPress, which can be exploited by an attacker to...
Multiple vulnerabilities in WordPress plugin "LearnPress"
Overview WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16173 Open Redirect CWE-601 - CVE-2018-16174 SQL Injection CWE-89 - CVE-2018-16175 Daiki Sueyoshi of Cryptography Laboratory, Department of Information and Communicati...