CVE-2024-6589

The CVE-2024-6589 entry concerns LearnPress – WordPress LMS Plugin (versions

WordPress LearnPress plugin <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin LearnPress versions = 4.2.6.8.2...

WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress LearnPress Plugin <= 4.2.6.8.2 is vulnerable to Local File Inclusion

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.8.2 Fixed in 4.2.6.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6589 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID a0500492bf33 Credits stealthcopter Required privilege Contribut...

PT-2024-37741 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.8.2 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server via the render conte...

The vulnerability of the `call_user_func` function in the LearnPress plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the calluserfunc function in the LearnPress plugin of the WordPress content management system is related to the lack of data cleansing at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through getcontent...

CVE-2024-6088

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

CVE-2024-6088

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

CVE-2024-6099

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'checkvalidatefields' function in the checkout. This makes it possible for unauthenticated...

CVE-2024-6099

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'checkvalidatefields' function in the checkout. This makes it possible for unauthenticated...

CVE-2024-6099 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'checkvalidatefields' function in the checkout. This makes it possible for unauthenticated...

CVE-2024-6088

CVE-2024-6088 concerns the LearnPress – WordPress LMS Plugin. Affected: all versions up to and including 4.2.6.8.1. Root cause: missing capability check in the register function, enabling unauthenticated users to bypass disabled registration and create accounts with the default role. Impact: unau...

CVE-2024-6099 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'checkvalidatefields' function in the checkout. This makes it possible for unauthenticated...

CVE-2024-6099

CVE-2024-6099 affects the LearnPress – WordPress LMS Plugin. The vulnerability is an unauthenticated registration bypass caused by missing authorization checks in the checkout flow (check_validate_fields), enabling an attacker to register with the site’s default role even if registration is disab...

WordPress LearnPress plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass vulnerability

Missing Authorization to Unauthenticated User Registration Bypass vulnerability discovered by shaman0x01 in WordPress Plugin LearnPress versions = 4.2.6.8.1...

WordPress LearnPress plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration vulnerability

Unauthenticated Bypass to User Registration vulnerability discovered by shaman0x01 in WordPress Plugin LearnPress versions = 4.2.6.8.1...

WordPress LearnPress Plugin <= 4.2.6.8.1 is vulnerable to Broken Access Control

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.8.1 Fixed in 4.2.6.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6099 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b7595fc9b77e Credits shaman0x01 Required privile...

WordPress plugin LearnPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin LearnPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress LearnPress Plugin <= 4.2.6.8.1 is vulnerable to Broken Access Control

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.8.1 Fixed in 4.2.6.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6088 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 437341849e3b Credits shaman0x01 Required privile...