CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

795 matches found

NVD•added 2019/01/09 11:29 p.m.•16 views

CVE-2018-16175

SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

7.2CVSS7.3AI score0.01306EPSS

Exploits0References2

Prion•added 2019/01/09 11:29 p.m.•17 views

Open redirect

Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

5.8CVSS6.3AI score0.01036EPSS

Exploits0References2Affected Software1

Prion•added 2019/01/09 11:29 p.m.•14 views

Sql injection

SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS7.3AI score0.01306EPSS

Exploits0References2Affected Software1

Prion•added 2019/01/09 11:29 p.m.•18 views

Cross site scripting

Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.00952EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/01/09 10:0 p.m.•17 views

CVE-2018-16174

Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

6.5AI score0.01036EPSS

Exploits0References2

CVE•added 2019/01/09 10:0 p.m.•36 views

CVE-2018-16175

Affected software: WordPress LearnPress plugin (pre-3.1.0). Vulnerability: SQL Injection allowing a user with administrative privileges to execute arbitrary SQL commands via unspecified vectors. Impact: Potential arbitrary SQL execution with full admin rights. Root cause / details: The CVE-2018-1...

7.2CVSS7.3AI score0.01306EPSS

Exploits0References2Affected Software1

CVE•added 2019/01/09 10:0 p.m.•43 views

CVE-2018-16174

The CVE-2018-16174 Open Redirect affects the WordPress LearnPress plugin, specifically versions prior to 3.1.0. The vulnerability allows remote attackers to redirect logged-in users to arbitrary sites, enabling phishing. The OpenVAS and JVN entries corroborate a multi-source disclosure of this is...

6.1CVSS6.3AI score0.01036EPSS

Exploits0References2Affected Software1

CVE•added 2019/01/09 10:0 p.m.•45 views

CVE-2018-16173

CVE-2018-16173 affects the WordPress LearnPress plugin prior to version 3.1.0. The vulnerability is a cross-site scripting (XSS) flaw that can let remote attackers inject arbitrary web script or HTML via unspecified vectors, potentially causing arbitrary script execution in the logged-in user’s b...

6.1CVSS6.1AI score0.00952EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/01/09 10:0 p.m.•21 views

CVE-2018-16175

SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

7.3AI score0.01306EPSS

Exploits0References2

Cvelist•added 2019/01/09 10:0 p.m.•16 views

CVE-2018-16173

Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.2AI score0.00952EPSS

Exploits0References2

CNVD•added 2018/11/12 12:0 a.m.•2 views

WordPress Plugin LearnPress SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin LearnPress, which allows users with administrative privileges to...

7.2CVSS7.4AI score0.01306EPSS

Exploits0References1

CNVD•added 2018/11/12 12:0 a.m.•2 views

WordPress plugin LearnPress open to redirection vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An open redirection vulnerability exists in the WordPress plugin LearnPress, where accessing a crafted URL may cause logged-i...

6.1CVSS6.2AI score0.01036EPSS

Exploits0References1

CNVD•added 2018/11/12 12:0 a.m.•3 views

WordPress plugin LearnPress cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin LearnPress, which can be exploited by an attacker to...

6.1CVSS6.2AI score0.00952EPSS

Exploits0References1

Japan Vulnerability Notes•added 2018/11/09 7:13 a.m.•3 views

Multiple vulnerabilities in WordPress plugin "LearnPress"

Overview WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16173 Open Redirect CWE-601 - CVE-2018-16174 SQL Injection CWE-89 - CVE-2018-16175 Daiki Sueyoshi of Cryptography Laboratory, Department of Information and Communicati...

7.2CVSS7.8AI score0.01306EPSS

Exploits0References12

Japan Vulnerability Notes•added 2018/11/09 12:0 a.m.•525 views

JVN#85760090: Multiple vulnerabilities in WordPress plugin "LearnPress"

WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16173 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Open...

7.2CVSS7.3AI score0.01306EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by