Lucene search
K

248 matches found

Prion
Prion
added 2020/04/30 3:15 p.m.30 views

Sql injection

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

6.5CVSS9AI score0.49231EPSS
Exploits6References4Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/04/30 12:0 a.m.2 views

WordPress LearnPress Plugin SQL Injection

An SQL injection vulnerability exists in the WordPress LearnDash Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

4.9AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/04/28 12:0 a.m.25 views

LearnPress < 3.2.6.9 - Authenticated Post Creation and Status Modification

The LearnPress plugin for WordPress allows authenticated remote attackers with minimal permissions to create pages with arbitrary titles, or modify the publication status of any existing page, via the learnpresscreatepage or learnpressupdateorderstatus AJAX actions...

6AI score
Exploits0References1Affected Software1
NVD
NVD
added 2020/03/16 6:15 p.m.28 views

CVE-2020-7916

beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...

6.5CVSS6.6AI score0.01116EPSS
Exploits0References1
OSV
OSV
added 2020/03/16 6:15 p.m.4 views

CVE-2020-7916

beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...

6.5CVSS6.6AI score0.01116EPSS
Exploits0References1
Prion
Prion
added 2020/03/16 6:15 p.m.20 views

Authentication flaw

beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...

4CVSS6.6AI score0.01116EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/11/12 12:0 a.m.5 views

WordPress plugin LearnPress cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin LearnPress, which can be exploited by an attacker to...

6.1CVSS6.2AI score0.00952EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/09 7:13 a.m.5 views

Multiple vulnerabilities in WordPress plugin "LearnPress"

Overview WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16173 Open Redirect CWE-601 - CVE-2018-16174 SQL Injection CWE-89 - CVE-2018-16175 Daiki Sueyoshi of Cryptography Laboratory, Department of Information and Communicati...

7.2CVSS7.8AI score0.01306EPSS
Exploits0References12
Rows per page
Query Builder