797 matches found
WordPress LearnPress plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' vulnerability
Unauthenticated SQL Injection via 'c_only_fields' vulnerability discovered by abrahack in WordPress Plugin LearnPress versions <= 4.2.7...
WordPress LearnPress plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' vulnerability
Unauthenticated SQL Injection via 'c_fields' vulnerability discovered by abrahack in WordPress Plugin LearnPress versions <= 4.2.7...
WordPress plugin LearnPress SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
VulnCheck KEV: CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
WordPress plugin LearnPress SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
VulnCheck KEV: CVE-2024-8529
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.2.7.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8522; Patch priority: High; CVSS severity: High (9.3); PSID: 13b3ec9c4ec2; Credits: abrahack; Required privilege: Unauthenticated; Publish...
WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.2.7.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8529; Patch priority: High; CVSS severity: High (9.3); PSID: 137696734fbf; Credits: abrahack; Required privilege: Unauthenticated; Publish...
PT-2024-39077
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7. Description: The issue allows unauthenticated attackers to perform SQL Injection via the c_fields parameter of the "/wp-json/lp/v1/courses/archive-course" REST API endpoin...
PT-2024-39073
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to 4.2.7. Description: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the c_only_fields parameter of the "/wp-json/learnpress/v1/courses" REST API...
Wordpress LearnPress Current_items Authenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Wordpress LearnPress current_items Authenticated SQLi', 'Description' = %q LearnPress, a learning management plugin for WordPress, prior to 3.2.6....
CVE-2024-39641
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.6.8.2...
CVE-2024-39641
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.6.8.2...
CVE-2024-39641 WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.6.8.2...
CVE-2024-39641
Summary: CVE-2024-39641 is a CSRF vulnerability in LearnPress (WordPress LMS plugin) affecting LearnPress versions up to 4.2.6.8.2. The vulnerability was fixed in version 4.2.6.9. Affected software: LearnPress – WordPress LMS Plugin. Root cause / impact: Cross-Site Request Forgery; exploitation d...
CVE-2024-39641 WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.6.8.2...
WordPress plugin LearnPress cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-28578 · Thimpress · Learnpress
Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress versions through 4.2.6.8.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. It affects the WordPress LearnPress Plugin, allowing for potential exploitation. To remediate the issue, an upgrade to...
CVE-2024-39642
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LearnPress: from n/a through 4.2.6.8.2...
CVE-2024-39642 WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LearnPress: from n/a through 4.2.6.8.2...