Lucene search
K

807 matches found

wpexploit
wpexploit
added 2022/10/05 12:0 a.m.501 views

LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...

8.1CVSS0.6AI score0.01786EPSS
Exploits2
Patchstack
Patchstack
added 2022/10/05 12:0 a.m.24 views

WordPress LearnPress plugin <= 4.1.7.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability via REST API discovered by Nguyen Duy Quoc Khanh in the WordPress LearnPress plugin versions = 4.1.7.1. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.7.2...

8.1CVSS3.4AI score0.01786EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.11 views

LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC Fixed in 4.1.6.6 - https://example.com/wp-admin/admin.php?page=learn-press-settings=emails=new-order-emails" Fixed in 4.1.6.7 - With a lesson attached to the course id 243...

0.9AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.396 views

LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting Fixed in 4.1.6.6 - https://example.com/wp-admin/admin.php?page=learn-press-settings&tab=emails&section=new-order-emails&a"alert/XSS/ Fixed in 4.1.6.7 - With a lesson attached ...

0.1AI score
Exploits0
Patchstack
Patchstack
added 2022/06/21 12:0 a.m.10 views

WordPress LearnPress plugin <= 4.1.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress LearnPress plugin versions = 4.1.6.6. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.6.7...

2.2AI score
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2022/04/27 12:0 a.m.15 views

WordPress LearnPress Plugin < 4.1.6 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS6.4AI score0.02254EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.22 views

WordPress LearnPress plugin跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress LearnPress plugin versions prior to 4.1.6...

6.1CVSS1.6AI score0.02254EPSS
Exploits2References1
OSV
OSV
added 2022/04/11 3:15 p.m.1 views

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.02254EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.4 views

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.02254EPSS
Exploits2References3
NVD
NVD
added 2022/04/11 3:15 p.m.21 views

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.02254EPSS
Exploits2References1
Prion
Prion
added 2022/04/11 3:15 p.m.16 views

Cross site scripting

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

4.3CVSS6AI score0.02254EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/04/11 2:40 p.m.148 views

CVE-2022-0271

The CVE-2022-0271 entry concerns the WordPress LearnPress plugin and affects versions before 4.1.6. The underlying issue is insufficient sanitization/escaping of the lp-dismiss-notice before it is rendered back through the lp_background_single_email AJAX action, resulting in a Reflected Cross-Sit...

6.1CVSS6AI score0.02254EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/04/11 2:40 p.m.21 views

CVE-2022-0271 LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.2AI score0.02254EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.3 views

WordPress plugin LearnPress 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress LearnPress plugin versions prior to 4.1.6...

6.1CVSS5.4AI score0.02254EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/03/16 12:0 a.m.24 views

WordPress LearnPress plugin <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress LearnPress plugin versions = 4.1.5. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.6...

6.1CVSS2.2AI score0.02254EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.14 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1AI score0.02254EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/03/16 12:0 a.m.122 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.7AI score0.02254EPSS
Exploits2
OpenVAS
OpenVAS
added 2022/03/14 12:0 a.m.17 views

WordPress LearnPress Plugin < 4.1.5 Arbitrary Image Renaming Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

4.3CVSS4.7AI score0.03205EPSS
Exploits5References1
OpenVAS
OpenVAS
added 2022/03/14 12:0 a.m.14 views

WordPress LearnPress Plugin < 4.1.4 SQLi Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

9.8CVSS9.6AI score0.01575EPSS
Exploits2References1
NVD
NVD
added 2022/02/28 9:15 a.m.59 views

CVE-2022-0377

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...

4.3CVSS0.03205EPSS
Exploits5References3
Rows per page
Query Builder