Lucene search
K

797 matches found

Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45273

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.5CVSS7.1AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.4 views

CVE-2025-49992

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.1CVSS6.4AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.3 views

EUVD-2025-35497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

5.9AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 3:15 p.m.3 views

CVE-2025-49992

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.1CVSS0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.3 views

CVE-2025-49992 WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.1CVSS5.2AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.6 views

CVE-2025-49992 WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through = 4.0.9...

7.1CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:32 p.m.9 views

CVE-2025-49992

The CVE-2025-49992 entry documents a Reflected XSS in the LearnPress Export Import (ThimPress LearnPress Export Import) WordPress plugin. Affected component: the learnpress-import-export module; affected versions are listed as through 4.0.9 (and Patchstack notes 4.1.0 as a fix). Root cause: impro...

7.1CVSS6AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

WordPress plugin LearnPress Export Import 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site scripting vulnerability...

7.1CVSS6AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.3 views

PT-2025-43225

Name of the Vulnerable Software and Affected Versions ThimPress LearnPress Export Import versions through 4.0.9 Description The LearnPress Export Import component contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-Site Scripting XSS. Th...

7.1CVSS6AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/19 6:43 a.m.17 views

CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS5.6AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/18 9:30 a.m.5 views

EUVD-2025-34972

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS5.1AI score0.00415EPSS
Exploits0References8
NVD
NVD
added 2025/10/18 7:15 a.m.9 views

CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS0.00415EPSS
Exploits0References7
OSV
OSV
added 2025/10/18 7:15 a.m.5 views

CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS5.6AI score
Exploits0References7
Cvelist
Cvelist
added 2025/10/18 6:42 a.m.10 views

CVE-2025-11372 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS0.00415EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/10/18 6:42 a.m.5 views

CVE-2025-11372 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS5.2AI score0.00415EPSS
Exploits0References7
CVE
CVE
added 2025/10/18 6:42 a.m.22 views

CVE-2025-11372

CVE-2025-11372 affects the LearnPress – WordPress LMS Plugin (WordPress) up to and including version 4.2.9.3. The root cause is missing capability checks on Admin Tools REST endpoints, with permission_callback set to __return_true, enabling unauthenticated attackers to perform destructive databas...

6.5CVSS5.2AI score0.00415EPSS
In wildExploits0References7
Patchstack
Patchstack
added 2025/10/18 1:21 a.m.10 views

WordPress LearnPress plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation vulnerability

Missing Authorization to Unauthenticated Database Table Manipulation vulnerability discovered by Lucas Montes Nirox in WordPress Plugin LearnPress versions = 4.2.9.3...

6.5CVSS6.7AI score0.00415EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/10/18 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS5.6AI score0.00415EPSS
In wildExploits0References2
CNNVD
CNNVD
added 2025/10/18 12:0 a.m.3 views

WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.4AI score0.00415EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-8028

Malware in sbrugna...

6.1CVSS6.6AI score0.01036EPSS
Exploits0References3
Rows per page
Query Builder