Lucene search
+L

179 matches found

vulncheck_kev
vulncheck_kev
added 2023/01/31 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-6008

LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution...

9.8CVSS8.1AI score0.03776EPSS
Exploits0References1
cnvd
cnvd
added 2022/05/07 12:0 a.m.21 views

WordPress LifterLMS PayPal plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin...

6.1CVSS1.2AI score0.00918EPSS
Exploits2References1
nvd
nvd
added 2022/05/02 4:15 p.m.16 views

CVE-2022-1250

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.00918EPSS
Exploits2References2
attackerkb
attackerkb
added 2022/05/02 4:15 p.m.10 views

CVE-2022-1250

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.3AI score0.00918EPSS
Exploits2References3
prion
prion
added 2022/05/02 4:15 p.m.19 views

Cross site scripting

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...

4.3CVSS6.1AI score0.00918EPSS
Exploits2References2Affected Software1
osv
osv
added 2022/05/02 4:5 p.m.13 views

CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score0.00918EPSS
Exploits2References4
cve
cve
added 2022/05/02 4:5 p.m.75 views

CVE-2022-1250

The CVE-2022-1250 entry pertains to the WordPress LifterLMS PayPal plugin prior to version 1.4.0, where parameters from the payment confirmation page are not properly sanitised/escaped before being echoed, causing a Reflected Cross‑Site Scripting vulnerability. Affected product: LifterLMS PayPal ...

6.1CVSS6AI score0.00918EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2022/05/02 4:5 p.m.22 views

CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...

6.2AI score0.00918EPSS
Exploits2References2
cnnvd
cnnvd
added 2022/05/02 12:0 a.m.6 views

WordPress plugin LifterLMS PayPal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin...

6.1CVSS6.3AI score0.00918EPSS
Exploits2References3
wpexploit
wpexploit
added 2022/04/04 12:0 a.m.121 views

LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue https://example.com/purchase/confirm-payment/?order=order-xxxxxxx&PayerID=aa"...

6.1CVSS1.1AI score0.00918EPSS
Exploits2References1
patchstack
patchstack
added 2022/04/04 12:0 a.m.20 views

WordPress LifterLMS PayPal plugin <= 1.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Brandon James Roldan in WordPress LifterLMS PayPal plugin versions = 1.3.0. Solution Update the WordPress LifterLMS PayPal plugin to the latest available version at least 1.4.0...

6.1CVSS2.4AI score0.00918EPSS
Exploits2References3Affected Software1
wpvulndb
wpvulndb
added 2022/04/04 12:0 a.m.26 views

LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/purchase/confirm-payment/?order=order-xxxxxxx=aa"...

6.1CVSS0.6AI score0.00918EPSS
Exploits2References1Affected Software1
patchstack
patchstack
added 2022/02/28 12:0 a.m.6 views

WordPress Elements for LifterLMS plugin <= 1.1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Elements for LifterLMS plugin versions = 1.1.2. Solution No patched version available...

2.7AI score
Exploits0References2Affected Software1
patchstack
patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress Elements for LifterLMS plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Elements for LifterLMS plugin versions = 1.1.2. Solution No patched version available...

4.5AI score
Exploits0References2Affected Software1
nvd
nvd
added 2021/08/23 12:15 p.m.19 views

CVE-2021-24562

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...

7.5CVSS0.01625EPSS
Exploits2References2
osv
osv
added 2021/08/23 12:15 p.m.15 views

CVE-2021-24562

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...

7.5CVSS6.8AI score
Exploits0References2
prion
prion
added 2021/08/23 12:15 p.m.17 views

Code injection

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...

5CVSS7.6AI score0.01625EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2021/08/23 11:10 a.m.21 views

CVE-2021-24562 LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...

7.7AI score0.01625EPSS
Exploits2References2
cve
cve
added 2021/08/23 11:10 a.m.54 views

CVE-2021-24562

CVE-2021-24562 affects the LifterLMS WordPress plugin prior to version 4.21.2. The connected documents confirm an Insecure Direct Object Reference (IDOR) vulnerability that allows a student to access other students’ answers and grades, i.e., information disclosure. Public references/entries indic...

7.5CVSS7.5AI score0.01625EPSS
Exploits2References2Affected Software1
cnnvd
cnnvd
added 2021/08/23 12:0 a.m.6 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin LMS by LifterLMS â€" Online Course, Membership & Learning Management System Versions prior to 4.21....

7.5CVSS7.1AI score0.01625EPSS
Exploits2References2
Rows per page
Query Builder