Lucene search
K

807 matches found

Patchstack
Patchstack
added 2026/01/29 9:14 p.m.6 views

WordPress LearnPress plugin < 4.2.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin LearnPress versions 4.2.7.2...

4.8CVSS5.9AI score0.00363EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.7 views

CVE-2026-24361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress - Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress - Course Review: from n/a through = 4.1.9...

6.5CVSS5.4AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.7 views

CVE-2026-24361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through = 4.1.9...

6.5CVSS0.00133EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.5 views

CVE-2026-24361 WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress Course Review: from n/a through = 4.1.9...

6.5CVSS5.4AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.12 views

CVE-2026-24361

CVE-2026-24361 is a Stored XSS in the WordPress plugin LearnPress – Course Review, affected versions 4.1.9) or apply vendor-provided fixes. If upgrading, verify the plugin is updated to a version where the XSS is addressed. Other connected advisories corroborate the same vulnerability descriptio...

6.5CVSS5.2AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.19 views

CVE-2026-24361 WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through = 4.1.9...

6.5CVSS0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.3 views

CVE-2026-24361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress - Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress - Course Review: from n/a through = 4.1.9...

6.5CVSS5.3AI score0.00133EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.4 views

WordPress plugin LearnPress – Course Review Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.11 views

PT-2026-4256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress Course Review: from n/a through = 4.1.9...

5.4AI score0.00133EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/21 4:22 a.m.4 views

CVE-2025-14798

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 4:15 a.m.3 views

CVE-2025-14798

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS0.00246EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/20 3:25 a.m.19 views

CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS0.00246EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:25 a.m.4 views

CVE-2025-14798

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS5.3AI score0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/01/20 3:25 a.m.18 views

CVE-2025-14798

CVE-2025-14798 : LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Disclosure via REST API (via get_item_permissions_check). Affected versions: up to 4.3.2.4. Impact per sources: exposure of user first/last names, social profile links, enrollme...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 3:25 a.m.6 views

CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.8 views

PT-2026-3534

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get item permissions check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.4 views

WordPress plugin LearnPress has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/19 9:54 p.m.8 views

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability discovered by andrea bocchetti in WordPress Plugin LearnPress versions = 4.3.2.4...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 1:25 p.m.7 views

WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Arif Shaikh in WordPress Plugin LearnPress Course Review versions = 4.1.9...

6.5CVSS5.3AI score0.00133EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.4 views

CVE-2025-14802

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/fileid REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the...

5.4CVSS6AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder