179 matches found
VulnCheck KEV: CVE-2020-6008
LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution...
WordPress LifterLMS PayPal plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin...
CVE-2022-1250
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-1250
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-1250
The CVE-2022-1250 entry pertains to the WordPress LifterLMS PayPal plugin prior to version 1.4.0, where parameters from the payment confirmation page are not properly sanitised/escaped before being echoed, causing a Reflected Cross‑Site Scripting vulnerability. Affected product: LifterLMS PayPal ...
CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...
WordPress plugin LifterLMS PayPal 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin...
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue https://example.com/purchase/confirm-payment/?order=order-xxxxxxx&PayerID=aa"...
WordPress LifterLMS PayPal plugin <= 1.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Brandon James Roldan in WordPress LifterLMS PayPal plugin versions = 1.3.0. Solution Update the WordPress LifterLMS PayPal plugin to the latest available version at least 1.4.0...
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/purchase/confirm-payment/?order=order-xxxxxxx=aa"...
WordPress Elements for LifterLMS plugin <= 1.1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Elements for LifterLMS plugin versions = 1.1.2. Solution No patched version available...
WordPress Elements for LifterLMS plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Elements for LifterLMS plugin versions = 1.1.2. Solution No patched version available...
CVE-2021-24562
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...
CVE-2021-24562
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...
Code injection
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...
CVE-2021-24562 LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...
CVE-2021-24562
CVE-2021-24562 affects the LifterLMS WordPress plugin prior to version 4.21.2. The connected documents confirm an Insecure Direct Object Reference (IDOR) vulnerability that allows a student to access other students’ answers and grades, i.e., information disclosure. Public references/entries indic...
WordPress 插件跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin LMS by LifterLMS â€" Online Course, Membership & Learning Management System Versions prior to 4.21....