CVE-2022-45820

CVE-2022-45820 is a SQL Injection vulnerability in LearnPress – WordPress LMS Plugin versions

CVE-2022-45808 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

CVE-2022-45808

LearnPress WordPress LMS plugin

CVE-2022-47615 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

CVE-2022-47615

CVE-2022-47615 – LearnPress WordPress plugin Affected software: LearnPress – WordPress LMS Plugin, versions

CVE-2022-47615 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

LearnPress Plugin < 4.2.0 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Note: The original advisory mentioned that the issue is only exploitable by contributors, b...

LearnPress Plugin < 4.2.0 - Unauthenticated LFI

The plugin does not validate various parameters in the lp/v1/courses/archive-course REST endpoints before using them in include statement, which could lead to LFI issues...

LearnPress Plugin < 4.2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the order by parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

LearnPress Plugin < 4.2.0 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Note: The original advisory mentioned that the issue is only exploitable by contributors, b...

PT-2023-14760 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2 Description: The issue is related to a SQL Injection vulnerability. Recommendations: For LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2, update to a version newer th...

PT-2023-14768 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2 Description: A SQL Injection SQLi issue has been identified. This type of issue generally involves the manipulation of database queries, potentially allowing unauthorized access or...

WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection

Software LearnPress Type Plugin Vulnerable versions = 4.1.7.3.2 Fixed in 4.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-45820 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 9c3943f3be3d Credits Rafie Muhammad Patchstack Required privilege...

WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection

Software LearnPress Type Plugin Vulnerable versions = 4.1.7.3.2 Fixed in 4.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-45808 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c30856175358 Credits Fadilah Agung Nugraha Required privilege...

VulnCheck KEV: CVE-2022-47615

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

VulnCheck KEV: CVE-2022-45808

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion

Software LearnPress Type Plugin Vulnerable versions = 4.1.7.3.2 Fixed in 4.2.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Local File Inclusion CVE CVE-2022-47615 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0eac88ed6f92 Credits Rafie Muhammad Patchstack...

PT-2022-7084 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions = 4.1.7.3.2 Description: The issue is related to a Local File Inclusion vulnerability. It concerns the list courses function of the LearnPress plugin in the WordPress content management system. The...

WordPress LearnPress Plugin < 4.1.7.2 RCE Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2022-3360

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...