WordPress LearnPress 3.2.6.8 Plugin - Privilege Escalation Vulnerability

Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin/?action=accept-to-be-teacher&userid= Done!...

WordPress LearnPress 3.2.6.7 Plugin - (current_items) SQL Injection (Authenticated) Vulnerability

Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login with a cred 3...

WordPress LearnPress SQL Injection

Exploit Title: WordPress Plugin LearnPress /wp-admin 2. Login with a cred 3. Execute the payload POST /wordpress/wp-admin/post-new.php?posttype=lporder HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0 Gecko/20100101 Firefox/89.0 Accept: application/json,...

WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)

Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login wi...

WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation

Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version:...

WordPress LearnPress plugin <= 3.2.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Antony Garand Sucuri in WordPress LearnPress plugin versions = 3.2.7.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.7.3...

LearnPress < 3.2.7.3 - CSRF & XSS

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting XSS within the admin panel, which could be exploited by using s Cross-Site Request Forgery CSRF attack...

LearnPress Plugin for WordPress < 3.2.6.9 Multiple Vulnerabilities

The WordPress LearnPress Plugin installed on the remote host is affected by multiple vulnerabilities : - A SQL injection vulnerability exists in the getitems method of the LPModalSearchItems class due to improper validation of user-supplied input. An authenticated, remote attacker can exploit thi...

Wordpress LearnPress SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.LearnPress is a learning management system plugin used in it. A SQL injection vulnerability exists in Wordpress LearnPress...

WordPress wp-advanced-search SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.LearnPress is a learning management system plugin used in it. A SQL injection vulnerability exists in the import function in...

WordPress LearnPress Plugin < 3.2.6.9 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress LearnPress Plugin < 3.2.6.7 Multiple Privilege Escalation Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress LearnPress Plugin < 3.1.0 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Plugin 'LearnPress' < 3.2.6.8 Multiple Vulnerabilities

The WordPress application running on the remote host has a version of the 'LearnPress' plugin that is prior to 3.2.6.8 and, thus, is affected by multiple vulnerabilities : - A SQL injection SQLi vulnerability exists in the getitems method of the LPModalSearchItems class due to improper validation...

CVE-2020-6010

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

CVE-2020-6010

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

Sql injection

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

CVE-2020-6010

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

CVE-2020-6010

The CVE-2020-6010 entry concerns the WordPress LearnPress plugin prior to 3.2.6.8, where an authenticated SQL injection exists in the _get_items method of LP_Modal_Search_Items via the current_items parameter on post-new.php. Impact stated in sources includes data disclosure/manipulation and pote...

Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites

Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system LMS plugins that various organizations and universities use to offer online training courses through their WordPress-based websites. According to the Check Point...