CVE-2024-1289
CVE-2024-1289 affects LearnPress – WordPress LMS Plugin. All versions up to 4.2.6.3 are vulnerable to Insecure Direct Object Reference (IDOR) due to missing validation on a user-controlled key when retrieving order data. Authenticated attackers can view orders placed by other users and guests, en...
WordPress Plugin LearnPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-18067 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Course, Lesson, and Quiz title and...
PT-2024-17776 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.3 Description: The issue allows authenticated attackers to obtain information on orders placed by other users and guests due to missing validation on a user-controlled key...
PT-2024-31154 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin plugin for WordPress versions up to, and including, 4.2.6.5 Description: The issue is due to missing checks in the create account function in the checkout, making it possible for unauthenticated attackers to...
CVE-2024-31241
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThimPress LearnPress Export Import. This issue affects LearnPress Export Import: from n/a through 4.0.3...
CVE-2024-31241 WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThimPress LearnPress Export Import. This issue affects LearnPress Export Import: from n/a through 4.0.3...
CVE-2024-31241
CVE-2024-31241 affects LearnPress Export Import (WordPress plugin) up to version 4.0.3. It is an SQL Injection vulnerability caused by improper neutralization of input, enabling an authenticated attacker to manipulate database queries. The CVSS v3.1 base score is 7.6 (HIGH) with network access, l...
PT-2024-23883 · Thimpress · Thimpress Learnpress Export Import
Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress Export Import versions n/a through 4.0.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitatio...
WordPress Plugin LearnPress Export Import SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin LearnPress Export Import suffers from...
Exploit for Command Injection in Thimpress Learnpress
CVE-2023-6634 Exploit Script Description This repository...
CVE-2024-2115
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate...
CVE-2024-2115
CVE-2024-2115 affects LearnPress – WordPress LMS Plugin up to version 4.0.0. Root cause: missing/incorrect nonce validation in filter_users leading to CSRF. Impact: unauthenticated attackers can elevate privileges to Teacher by tricking an admin into performing an action. Public details in connec...
CVE-2024-2115 LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate...
WordPress LearnPress Export Import plugin <= 4.0.3 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Le Ngoc Anh (Patchstack Alliance) in WordPress Plugin LearnPress Export Import versions <= 4.0.3...
WordPress LearnPress plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation vulnerability
Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by Tim Coen in WordPress Plugin LearnPress versions <= 4.0.0...
WordPress LearnPress plugin <= 4.2.6.3 - Authenticated (LP Instructor+) Stored Cross-Site Scripting vulnerability
Authenticated (LP Instructor+) Stored Cross-Site Scripting vulnerability discovered by drop in WordPress Plugin LearnPress versions <= 4.2.6.3...