Lucene search
K

248 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7648

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.5AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.7 views

CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS5.5AI score0.00867EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 2:41 p.m.31 views

CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 5:16 a.m.24 views

CVE-2026-7648

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS0.00423EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/14 3:27 a.m.6 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/14 3:27 a.m.65 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS0.00423EPSS
Exploits0References8
NVD
NVD
added 2026/04/14 2:16 a.m.4 views

CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS0.00867EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/14 1:24 a.m.2 views

CVE-2026-4365 LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS5.8AI score0.00867EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32587

Name of the Vulnerable Software and Affected Versions LearnPress plugin for WordPress versions up to 4.3.2.8 Description The plugin allows unauthorized data deletion because the delete question answer function lacks a capability check. It exposes a wp rest nonce in the public frontend HTML lpData...

9.1CVSS5.7AI score0.00867EPSS
Exploits0References11
EUVD
EUVD
added 2026/04/08 6:31 a.m.4 views

EUVD-2026-20045

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learnpresscourses shortcode in all versions up to and including 4.3.3. This is due to insufficient input sanitization and output escaping on the 'skin' shortcode...

6.4CVSS6.1AI score0.00313EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 5:16 a.m.3 views

CVE-2026-4333

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learnpresscourses shortcode in all versions up to and including 4.3.3. This is due to insufficient input sanitization and output escaping on the 'skin' shortcode...

6.4CVSS0.00313EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 3:36 a.m.11 views

CVE-2026-4333

Affected software: LearnPress – WordPress LMS Plugin (WordPress)

6.4CVSS6.1AI score0.00313EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31080

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to and including 4.3.3 Description The LearnPress – WordPress LMS Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'skin' attribute of the learn press courses shortcod...

6.4CVSS5.9AI score0.00313EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/24 4:50 p.m.9 views

WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Quiz Answer Deletion vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin LearnPress versions = 4.3.2.8...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/24 12:30 a.m.3 views

EUVD-2026-14610

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References6
NVD
NVD
added 2026/03/23 11:17 p.m.4 views

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

4.3CVSS0.00262EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:25 p.m.9 views

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/12 2:22 a.m.6 views

EUVD-2026-11509

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.002EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/12 2:22 a.m.5 views

CVE-2026-3226

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.002EPSS
Exploits0References6
Rows per page
Query Builder