PT-2025-21450 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions prior to 4.2.7.5.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...

PT-2025-21451 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions prior to 4.2.7.5.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...

WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

📄 WordPress LearnPress 4.2.7 SQL Injection

WordPress LearnPress plugin versions 4.2.7 and below suffer from a remote SQL injection vulnerability. My name: Francisco Moraga BTshell @BTshell https://www.linkedin.com/in/btshell/ Exploit Title: LearnPress WordPress LMS Plugin = 4.2.7 - Unauthenticated SQL Injection via 'conlyfields' Google...

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...

CVE-2025-22739

Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through = 4.2.7.5...

CVE-2025-22739

Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through = 4.2.7.5...

CVE-2025-22739 WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through = 4.2.7.5...

CVE-2025-22739

CVE-2025-22739 affects LearnPress (WordPress LMS Plugin) up to version 4.2.7.5 and is a Missing Authorization vulnerability. The CVSS 3.1 score is 5.3 (Medium). Connected data confirm a patch exists for LearnPress, i.e., the issue has been addressed in a later release. Action: upgrade LearnPress ...

WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by David Ojeda Guijarro Patchstack Alliance in WordPress Plugin LearnPress versions = 4.2.7.5...

WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress LearnPress plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin LearnPress versions = 4.2.7.5...

The vulnerability of the ‘c_only_fields’ parameter in the REST API endpoint /wp-json/learnpress/v1/courses of the LearnPress plugin for the WordPress content management system allows a hacker to execute arbitrary SQL code.

The vulnerability of the ‘conlyfields’ parameter in the REST API endpoint /wp-json/learnpress/v1/courses of the LearnPress plugin for the WordPress content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow a...

CVE-2022-47615

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

CVE-2022-45808

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

CVE-2022-45820

SQL Injection SQLi vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

CVE-2024-7548

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVE-2024-32588

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3...

CVE-2024-6589

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'rendercontentblocktemplate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include a...

CVE-2024-31241

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3...