Lucene search
K

797 matches found

CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.1AI score0.00156EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/30 10:29 a.m.5 views

WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin LearnPress versions = 4.2.9.4...

7.5CVSS7AI score0.0023EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2025/11/25 12:0 a.m.4 views

WordPress Plugin LearnPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin LearnPress, which stems...

5.3CVSS6AI score0.00914EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 5:35 a.m.9 views

CVE-2025-11368

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS5.7AI score0.00914EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/21 8:26 a.m.8 views

WordPress LearnPress plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability

Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin LearnPress versions = 4.2.9.4...

5.3CVSS7AI score0.00914EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/21 6:15 a.m.6 views

CVE-2025-11368

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS0.00914EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/21 5:32 a.m.3 views

EUVD-2025-198382

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS5.2AI score0.00914EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/21 5:32 a.m.6 views

CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS0.00914EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/21 5:32 a.m.5 views

CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS5.3AI score0.00914EPSS
Exploits0References4
CVE
CVE
added 2025/11/21 5:32 a.m.21 views

CVE-2025-11368

The CWE/CVE entry CVE-2025-11368 maps to the LearnPress WordPress LMS Plugin. Affected versions are up to 4.2.9.4 (and versions prior to 4.2.9.5 as per PT-2025-47660). The root cause is missing capability checks in the REST endpoint /wp-json/lp/v1/load_content_via_ajax, enabling arbitrary callbac...

5.3CVSS5.3AI score0.00914EPSS
In wildExploits0References4
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.6 views

WordPress plugin LearnPress 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin LearnPress, which stems...

5.3CVSS5.7AI score0.00914EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.5 views

PT-2025-47660

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions prior to 4.2.9.5 Description The LearnPress – WordPress LMS Plugin for WordPress is affected by a sensitive information disclosure issue. Missing capability checks in the REST endpoint...

5.3CVSS5.8AI score0.00914EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.3 views

CVE-2025-60200

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.1.2...

7.5CVSS5.9AI score0.0037EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 6:32 p.m.4 views

EUVD-2025-38115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.5CVSS6.6AI score0.0037EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 4:16 p.m.5 views

CVE-2025-60200

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.1.2...

7.5CVSS0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 3:54 p.m.14 views

CVE-2025-60200 WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.1.2...

7.5CVSS0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:54 p.m.3 views

CVE-2025-60200 WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.1.2...

7.5CVSS5.3AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:54 p.m.10 views

CVE-2025-60200

The CVE-2025-60200 entry is a concrete local file inclusion issue in the WordPress plugin LearnPress Export Import (versions ≤ 4.0.9 per multiple sources). Affected component: the plugin’s PHP include/require handling allowing an attacker-controlled filename to be included remotely, enabling PHP ...

7.5CVSS5.9AI score0.0037EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/06 6:9 a.m.4 views

WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin LearnPress versions = 4.2.9.4...

6.5CVSS6.1AI score0.00156EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.6 views

WordPress plugin LearnPress Export Import 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

7.5CVSS6.5AI score0.0037EPSS
Exploits0References1
Rows per page
Query Builder