Lucene search
K

248 matches found

Vulnrichment
Vulnrichment
added 2023/01/24 9:18 a.m.10 views

CVE-2022-45820 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection

SQL Injection SQLi vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.1CVSS9.7AI score0.01005EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/01/24 9:5 a.m.29 views

CVE-2022-47615 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.3CVSS9.7AI score0.05063EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/01/24 9:5 a.m.13 views

CVE-2022-47615 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.3CVSS7.2AI score0.05063EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.5 views

PT-2023-14768 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2 Description: A SQL Injection SQLi issue has been identified. This type of issue generally involves the manipulation of database queries, potentially allowing unauthorized access or...

9.1CVSS9.3AI score0.01005EPSS
Exploits2References4
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.416 views

LearnPress Plugin < 4.2.0 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Note: The original advisory mentioned that the issue is only exploitable by contributors, b...

9.1CVSS9.1AI score0.01005EPSS
Exploits2
VulnCheck KEV
VulnCheck KEV
added 2023/01/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-47615

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.8CVSS7.3AI score0.05063EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.9 views

PT-2022-7084 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions = 4.1.7.3.2 Description: The issue is related to a Local File Inclusion vulnerability. It concerns the list courses function of the LearnPress plugin in the WordPress content management system. The...

9.8CVSS9.2AI score0.05063EPSS
Exploits2References7
EUVD
EUVD
added 2022/10/31 12:0 a.m.4 views

EUVD-2022-42743

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...

8.1CVSS8.5AI score0.01786EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.6 views

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.02254EPSS
Exploits2References3
Cvelist
Cvelist
added 2022/04/11 2:40 p.m.21 views

CVE-2022-0271 LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.2AI score0.02254EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/03/16 12:0 a.m.24 views

WordPress LearnPress plugin <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress LearnPress plugin versions = 4.1.5. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.6...

6.1CVSS2.2AI score0.02254EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/28 9:15 a.m.8 views

CVE-2022-0377

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...

4.3CVSS5.6AI score0.03205EPSS
Exploits5References4
CNNVD
CNNVD
added 2022/02/02 12:0 a.m.6 views

Wordpress Plugin Learnpress 加密问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An encryption issue vulnerability...

4.3CVSS5.3AI score0.03205EPSS
Exploits5References6
OSV
OSV
added 2021/12/13 11:15 a.m.5 views

CVE-2021-24951

The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues...

9.8CVSS5.8AI score0.01575EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/11/09 12:0 a.m.27 views

WordPress LearnPress plugin <= 4.1.3.2 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by JrXnm in WordPress LearnPress plugin versions = 4.1.3.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.4...

9.8CVSS2.7AI score0.01575EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2021/10/21 8:15 p.m.28 views

Cross site scripting

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...

3.5CVSS4.7AI score0.05037EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2021/07/27 4:56 a.m.150 views

CVE-2020-11511

The CVE-2020-11511 entry concerns the LearnPress WordPress plugin (versions prior to 3.2.6.9). A privilege-escalation flaw exists in the learn_press_accept_become_a_teacher function, where the code does not properly check permissions; remote attackers can escalate privileges to LP Instructor via ...

8.1CVSS8.1AI score0.03209EPSS
Exploits5References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/07/27 12:0 a.m.5 views

PT-2021-9421 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress plugin versions prior to 3.2.6.9 for WordPress Description: The issue allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. Recommendations: For versions prio...

8.1CVSS8.1AI score0.03209EPSS
Exploits5References7
Patchstack
Patchstack
added 2020/09/09 12:0 a.m.11 views

WordPress LearnPress plugin <= 3.2.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Antony Garand Sucuri in WordPress LearnPress plugin versions = 3.2.7.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.7.3...

2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/04/30 3:15 p.m.6 views

CVE-2020-6010

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...

8.8CVSS7.6AI score0.49231EPSS
Exploits6References4
Rows per page
Query Builder