CVE-2024-3560 LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress LearnPress Plugin <= 4.2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.4 Fixed in 4.2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3560 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05282d717c17 Credits stealthcopter Required...

CVE-2024-32588

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3...

CVE-2024-32588 WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3...

CVE-2024-32588 WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3...

CVE-2024-32588

CVE-2024-32588 : Reflected XSS in LearnPress Export Import (WordPress plugin) affecting LearnPress Export Import versions

PT-2024-26567 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes. This allows...

WordPress Plugin LearnPress Export Import 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin LearnPress Export Import Version...

PT-2024-24710 · Thimpress · Thimpress Learnpress Export Import

Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress Export Import versions n/a through 4.0.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means an...

WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin LearnPress Export Import versions = 4.0.3...

WordPress LearnPress Export Import Plugin <= 4.0.3 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Export Import Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32588 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b8d44b1ce98e Credits Dimas Maulana Required...

CVE-2024-1463

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1463

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

CVE-2024-1463 LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1463 LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...