CVE-2024-11328 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting

The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Opigno Learning path prior to version 3.1.2, which stems from an unsuccessful neutralization of directives in statically saved code, resulting in a...

WordPress plugin CLUEVO LMS, E-Learning Platform 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blogs on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin CLUEVO LMS, E-Learning Platform...

Viwis LMS 代码注入漏洞

Viwis LMS is a Learning Management System from Viwis Corporation, USA. A code injection vulnerability exists in Viwis LMS version 9.11, which stems from a cross-site scripting attack caused by manipulation of the filename parameter in the file upload component...

CVE-2025-22350

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9...

CVE-2025-22350 WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9...

CVE-2025-22350

CVE-2025-22350 is an SQL Injection in the WordPress plugin Ultimate Learning Pro (WpIndeed Ultimate Learning Pro) affecting versions up to 3.9. The vulnerability stems from improper neutralization of special elements in SQL commands, enabling potential access to confidential data and impacting av...

CVE-2025-22350 WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9...

WordPress plugin Ultimate Learning Pro SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2025-4464 · Unknown · Wpindeed Ultimate Learning Pro

Name of the Vulnerable Software and Affected Versions: WpIndeed Ultimate Learning Pro versions prior to 3.9 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...

WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Pham Van Tam Patchstack Alliance in WordPress Plugin Ultimate Learning Pro versions = 3.9...

CVE-2024-13110

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java， of the component Exam Answer Handler. The...

CVE-2024-13111

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token...

CVE-2024-13111

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token...

CVE-2024-13110

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java， of the component Exam Answer Handler. The...

CVE-2024-13111 Beijing Yunfan Internet Technology Yunfan Learning Examination System JWT Token SysUserControl improper authentication

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token...

CVE-2024-13111

The CVE-2024-13111 entry affects Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown functionality within src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the JWT Token Handler, leading to improper authentication. The issue ca...

CVE-2024-13110 Beijing Yunfan Internet Technology Yunfan Learning Examination System Exam Answer PaperController.java， information disclosure

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java， of the component Exam Answer Handler. The...

CVE-2024-13110 Beijing Yunfan Internet Technology Yunfan Learning Examination System Exam Answer PaperController.java， information disclosure

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java， of the component Exam Answer Handler. The...

CVE-2024-13110

Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 is affected by CVE-2024-13110 due to an unknown function in src/main/java/com/yf/exam/modules/paper/controller/PaperController.java (Exam Answer Handler) that leads to information disclosure. Existence of remote-access ex...