797 matches found
CVE-2024-10010
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-9881 LearnPress < 4.2.7.2 - Admin+ Stored XSS
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-9881
CVE-2024-9881 affects LearnPress for WordPress: LearnPress plugin versions earlier than 4.2.7.2 fail to sanitize/escape certain settings, enabling stored XSS via admin-level abuse (even if unfiltered_html is disallowed). Root cause per sources is lack of proper sanitization/escaping of settings. ...
CVE-2024-10010 LearnPress < 4.2.7.2 - Admin+ Stored XSS
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-10010
The CVE-2024-10010 entry concerns LearnPress (WordPress LMS plugin) prior to version 4.2.7.2, where inadequate sanitisation/escaping of certain settings allows Stored XSS by high-privilege users (e.g., admins), including in multisite setups where unfiltered_html is disallowed. Public Red Hat and ...
PT-2024-39908 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin version 4.2.7.2 and earlier Description: The issue concerns the LearnPress WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as...
WordPress plugin LearnPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15970 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions prior to 4.2.7.2 Description: The issue allows high privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize a...
WordPress plugin LearnPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-11868
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...
CVE-2024-11868 LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...
CVE-2024-11868
Affected software: LearnPress – WordPress LMS Plugin for WordPress. Vulnerability: Sensitive Information Exposure via the REST API, caused by insecure handling in class-lp-rest-material-controller.php, allowing unauthenticated access to potentially paid course material. Affected versions / scope ...
WordPress LearnPress plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API vulnerability
Course Material Sensitive Information Exposure via REST API vulnerability discovered by abrahack in WordPress Plugin LearnPress versions <= 4.2.7.3...
PT-2024-17305
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.3 Description The issue concerns Sensitive Information Exposure, allowing unauthenticated attackers to extract potentially sensitive paid course material through the...
WordPress plugin LearnPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-9609
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpressimportformserver' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes ...