Lucene search
K

179 matches found

Exploit DB
Exploit DB
added 2021/08/10 12:0 a.m.225 views

WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR

Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Date: 2021-05-17 Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR...

0.4AI score
Exploits0
0day.today
0day.today
added 2021/08/10 12:0 a.m.110 views

WordPress LifterLMS 4.21.1 Plugin - Access Other Student Grades/Answers via IDOR Vulnerability

Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR issue, allowing...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/10 12:0 a.m.217 views

WordPress LifterLMS 4.21.1 Insecure Direct Object Reference

Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Date: 2021-05-17 Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/05/28 12:0 a.m.62 views

WordPress LifterLMS 4.21.0 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored and triggered in...

5.4CVSS5.5AI score0.03249EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/05/28 12:0 a.m.201 views

WordPress LifterLMS 4.21.0 Cross Site Scripting

Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored...

5.5AI score0.03249EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/05/28 12:0 a.m.187 views

WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored...

5.4CVSS5.5AI score0.03249EPSS
Exploits5
NVD
NVD
added 2021/05/24 11:15 a.m.42 views

CVE-2021-24308

The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...

5.4CVSS0.03249EPSS
Exploits5References3
Prion
Prion
added 2021/05/24 11:15 a.m.15 views

Cross site scripting

The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...

3.5CVSS5AI score0.03249EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2021/05/24 10:58 a.m.47 views

CVE-2021-24308 LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...

5.3AI score0.03249EPSS
Exploits5References3
CVE
CVE
added 2021/05/24 10:58 a.m.92 views

CVE-2021-24308

CVE-2021-24308 affects WordPress plugin LifterLMS (LMS by LifterLMS) before version 4.21.1. The issue is a stored XSS in the State field of the Edit Profile page, where input is not properly sanitized when rendered in the About section, potentially allowing low-privilege users (e.g., students) to...

5.4CVSS5.2AI score0.03249EPSS
Exploits5References3Affected Software1
wpexploit
wpexploit
added 2021/05/17 12:0 a.m.732 views

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

The plugin was affected by an IDOR issue, allowing students to see other student answers and grades - Add 2 users with Student role for the scenario . - Create A course With a quiz I picked True or Flase question for my quiz - Set Enrol on Free for the ease of scenario - Enrol into the Course wit...

5CVSS0.8AI score0.01625EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/05/17 12:0 a.m.20 views

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

The plugin was affected by an IDOR issue, allowing students to see other student answers and grades PoC - Add 2 users with Student role for the scenario . - Create A course With a quiz I picked True or Flase question for my quiz - Set Enrol on Free for the ease of scenario - Enrol into the...

5CVSS0.4AI score0.01625EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/05/10 12:0 a.m.30 views

WordPress LMS by LifterLMS plugin <= 4.21.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Amirmuhammad Vakili in WordPress LMS by LifterLMS plugin versions = 4.21.0. Solution Update the WordPress LMS by LifterLMS plugin to the latest available version at least 4.21.1...

5.4CVSS2.3AI score0.03249EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/10 12:0 a.m.10 views

LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout

The plugin did not properly sanitise the coupon code during checkout before outputting in back the error message in the page, leading to a reflected Cross-Site Scripting issue...

1.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/05/10 12:0 a.m.11 views

WordPress LifterLMS plugin <= 4.21.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ashish Jha Bluefire Redteam in WordPress LifterLMS plugin versions = 4.21.0. Solution Update the WordPress LifterLMS plugin to the latest available version at least 4.21.1...

2.1AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/05/10 12:0 a.m.93 views

LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users such as students to elevate their privilege via an XSS attack when an admin...

5.4CVSS0.2AI score0.03249EPSS
Exploits5References1
WPVulnDB
WPVulnDB
added 2021/05/10 12:0 a.m.19 views

LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users such as students to elevate their privilege via an XSS attack when an admin...

5.4CVSS0.4AI score0.03249EPSS
Exploits5References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/05/14 12:0 a.m.22 views

LifterLMS Plugin for WordPress < 3.37.15 Arbitrary File Write

The WordPress LifterLMS Plugin installed on the remote host is affected by an arbitrary file write vulnerability that can allow the attackers to write and execute arbitrary PHP code on the server by changing their first name on their profile to PHP code. Note that the scanner has not tested for...

9.8CVSS8.2AI score0.03776EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/05/05 12:0 a.m.38 views

WordPress LifterLMS Plugin < 3.37.15 Arbitrary File Write Vulnerability

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

9.8CVSS9.7AI score0.03776EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/05/05 12:0 a.m.22 views

WordPress LifterLMS Plugin < 3.35.0 Unauthenticated Options Import Vulnerability

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

9.8CVSS9.7AI score0.07453EPSS
Exploits1References1
Rows per page
Query Builder