795 matches found
CVE-2021-24951
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues...
CVE-2021-24951
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues...
CVE-2021-24951 LearnPress < 4.1.4 - Admin+ SQL Injection
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues...
CVE-2021-24951
The CVE-2021-24951 entry concerns the LearnPress WordPress plugin (prior to version 4.1.4). The exposed issue is a SQL injection in the duplicator flow where the id parameter is not properly sanitized, validated, or escaped before use in SQL statements (affecting course/lesson/quiz/question opera...
WordPress LearnPress plugin <= 4.1.3.2 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by JrXnm in WordPress LearnPress plugin versions = 4.1.3.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.4...
LearnPress < 4.1.4 - Admin+ SQL Injection
The plugin does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues PoC Id needs to start with a valid course/lesson/quiz/question ID:...
LearnPress < 4.1.4 - Admin+ SQL Injection
The plugin does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues Id needs to start with a valid course/lesson/quiz/question ID:...
WordPress LearnPress Plugin < 4.1.3.1 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress LearnPress Plugin < 4.1.3.2 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-83666)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin LearnPress, which stems from insufficient...
CVE-2021-39348
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...
CVE-2021-39348
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...
Cross site scripting
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...
CVE-2021-39348
The CVE-2021-39348 entry describes a stored XSS in the LearnPress WordPress plugin caused by insufficient escaping of the $custom_profile parameter in inc/admin/views/backend-user-profile.php. Affected are LearnPress versions up to 4.1.3.1, including multisite setups or admins with unfiltered_htm...
CVE-2021-39348 LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...
CVE-2021-39348 LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...
WordPress plugin LearnPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin LearnPress, which stems from insufficient...
PT-2021-22554 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions up to and including 4.1.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping on the custom profile parameter in the /inc/admin/views/backend-user-profile.php...
CVE-2021-24702
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltredhtml capability is disallowed...
Cross site scripting
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltredhtml capability is disallowed...