797 matches found

RedhatCVE
added 2025/02/05 12:20 a.m., 16 views

CVE-2024-4397

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...

CVSS 8.8, AI score 7.7, EPSS 0.01025
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:19 a.m., 9 views

CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 9.8, AI score 7.5, EPSS 0.36925
Exploits: 2, References: 1

RedhatCVE
added 2025/02/04 10:37 p.m., 13 views

CVE-2024-8522

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 10, AI score 9.5, EPSS 0.61355
Exploits: 6, References: 1

RedhatCVE
added 2025/02/04 10:26 p.m., 16 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 10, AI score 9.6, EPSS 0.11831
Exploits: 2, References: 1

Patchstack
added 2025/01/27 10:29 p.m., 3 views

WordPress LearnPress plugin <= 4.2.7.5 - Authenticated (Instructor+) Stored Cross-Site Scripting via Lesson Name vulnerability

Authenticated Instructor+ Stored Cross-Site Scripting via Lesson Name vulnerability discovered by Tim Coen in WordPress Plugin LearnPress versions = 4.2.7.5...

CVSS 6.4, AI score 5.7, EPSS 0.00295
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2025/01/27 3:15 p.m., 25 views

CVE-2025-24740

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in ThimPress LearnPress learnpress. This issue affects LearnPress: from n/a through = 4.2.7.1...

CVSS 4.7, EPSS 0.00249
Exploits: 0, References: 1

CVE
added 2025/01/27 2:22 p.m., 47 views

CVE-2025-24740

CVE-2025-24740: Open Redirect vulnerability in LearnPress (WordPress LMS plugin) affecting LearnPress

CVSS 4.7, AI score 7.2, EPSS 0.00249
Exploits: 0, References: 1

Cvelist
added 2025/01/27 2:22 p.m., 30 views

CVE-2025-24740 WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in ThimPress LearnPress learnpress. This issue affects LearnPress: from n/a through = 4.2.7.1...

CVSS 4.7, EPSS 0.00249
Exploits: 0, References: 1

Vulnrichment
added 2025/01/27 2:22 p.m., 11 views

CVE-2025-24740 WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1...

CVSS 4.7, AI score 5.8, EPSS 0.00249
Exploits: 0, References: 1

CNNVD
added 2025/01/27 12:0 a.m., 3 views

WordPress plugin LearnPress input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 4.7, AI score 8.5, EPSS 0.00249
Exploits: 0, References: 1

Positive Technologies
added 2025/01/27 12:0 a.m., 4 views

PT-2025-5552 · Thimpress · Learnpress

Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress versions prior to 4.2.7.1 Description: The issue is related to a URL redirection to an untrusted site, also known as an "Open Redirect". This problem allows redirection to potentially malicious sites. Recommendations: For...

CVSS 4.7, AI score 7.1, EPSS 0.00249
Exploits: 0, References: 4

OSV
added 2025/01/25 8:15 a.m., 2 views

CVE-2024-13599

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP...

CVSS 5.4, AI score 7.4, EPSS 0.00295
Exploits: 0, References: 3

Cvelist
added 2025/01/25 7:24 a.m., 18 views

CVE-2024-13599 LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP...

CVSS 6.4, EPSS 0.00295
Exploits: 0, References: 3

CVE
added 2025/01/25 7:24 a.m., 63 views

CVE-2024-13599

CVE-2024-13599 affects LearnPress – WordPress LMS Plugin. A stored Cross-Site Scripting flaw arises from insufficient input sanitization and output escaping of a lesson name, enabling authenticated LP Instructor+ attackers to inject scripts that run when users visit injected pages. Affected versi...

CVSS 6.4, AI score 5.8, EPSS 0.00295
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2025/01/25 12:0 a.m., 4 views

PT-2025-2229 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping of a lesson name. This allows authenticated...

CVSS 6.4, AI score 6.2, EPSS 0.00295
Exploits: 0, References: 8

CNNVD
added 2025/01/25 12:0 a.m., 2 views

WordPress plugin LearnPress cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin LearnPress...

CVSS 6.4, AI score 7.9, EPSS 0.00295
Exploits: 0, References: 1

Patchstack
added 2025/01/24 11:47 a.m., 4 views

WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin LearnPress versions = 4.2.7.1...

CVSS 4.7, AI score 7, EPSS 0.00249
Exploits: 0, Affected Software: 1

Patchstack
added 2024/12/12 6:33 a.m., 6 views

WordPress LearnPress plugin < 4.2.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin LearnPress versions 4.2.7.2...

CVSS 4.8, AI score 6.1, EPSS 0.00441
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2024/12/12 6:15 a.m., 2 views

CVE-2024-9881

The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8, AI score 7.3, EPSS 0.00363
Exploits: 1, References: 1

OSV
added 2024/12/12 6:15 a.m., 3 views

CVE-2024-10010

The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8, AI score 7.3, EPSS 0.00441
Exploits: 1, References: 1