807 matches found
LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...
WordPress LearnPress plugin <= 4.1.7.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability via REST API discovered by Nguyen Duy Quoc Khanh in the WordPress LearnPress plugin versions = 4.1.7.1. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.7.2...
LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC Fixed in 4.1.6.6 - https://example.com/wp-admin/admin.php?page=learn-press-settings=emails=new-order-emails" Fixed in 4.1.6.7 - With a lesson attached to the course id 243...
LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting Fixed in 4.1.6.6 - https://example.com/wp-admin/admin.php?page=learn-press-settings&tab=emails§ion=new-order-emails&a"alert/XSS/ Fixed in 4.1.6.7 - With a lesson attached ...
WordPress LearnPress plugin <= 4.1.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress LearnPress plugin versions = 4.1.6.6. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.6.7...
WordPress LearnPress Plugin < 4.1.6 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress LearnPress plugin跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress LearnPress plugin versions prior to 4.1.6...
CVE-2022-0271
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-0271
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-0271
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-0271
The CVE-2022-0271 entry concerns the WordPress LearnPress plugin and affects versions before 4.1.6. The underlying issue is insufficient sanitization/escaping of the lp-dismiss-notice before it is rendered back through the lp_background_single_email AJAX action, resulting in a Reflected Cross-Sit...
CVE-2022-0271 LearnPress < 4.1.6 - Reflected Cross-Site Scripting
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
WordPress plugin LearnPress 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress LearnPress plugin versions prior to 4.1.6...
WordPress LearnPress plugin <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress LearnPress plugin versions = 4.1.5. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.6...
LearnPress < 4.1.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting PoC...
LearnPress < 4.1.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
WordPress LearnPress Plugin < 4.1.5 Arbitrary Image Renaming Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress LearnPress Plugin < 4.1.4 SQLi Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...