248 matches found
CVE-2022-45820 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
SQL Injection SQLi vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...
CVE-2022-47615 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...
CVE-2022-47615 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...
PT-2023-14768 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2 Description: A SQL Injection SQLi issue has been identified. This type of issue generally involves the manipulation of database queries, potentially allowing unauthorized access or...
LearnPress Plugin < 4.2.0 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Note: The original advisory mentioned that the issue is only exploitable by contributors, b...
VulnCheck KEV: CVE-2022-47615
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...
PT-2022-7084 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions = 4.1.7.3.2 Description: The issue is related to a Local File Inclusion vulnerability. It concerns the list courses function of the LearnPress plugin in the WordPress content management system. The...
EUVD-2022-42743
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...
CVE-2022-0271
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-0271 LearnPress < 4.1.6 - Reflected Cross-Site Scripting
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...
WordPress LearnPress plugin <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress LearnPress plugin versions = 4.1.5. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.6...
CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
Wordpress Plugin Learnpress 加密问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An encryption issue vulnerability...
CVE-2021-24951
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues...
WordPress LearnPress plugin <= 4.1.3.2 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by JrXnm in WordPress LearnPress plugin versions = 4.1.3.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.4...
Cross site scripting
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...
CVE-2020-11511
The CVE-2020-11511 entry concerns the LearnPress WordPress plugin (versions prior to 3.2.6.9). A privilege-escalation flaw exists in the learn_press_accept_become_a_teacher function, where the code does not properly check permissions; remote attackers can escalate privileges to LP Instructor via ...
PT-2021-9421 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress plugin versions prior to 3.2.6.9 for WordPress Description: The issue allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. Recommendations: For versions prio...
WordPress LearnPress plugin <= 3.2.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability found by Antony Garand Sucuri in WordPress LearnPress plugin versions = 3.2.7.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.7.3...
CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection...