CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...

CVE-2025-11368

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

CVE-2025-11368

The CWE/CVE entry CVE-2025-11368 maps to the LearnPress WordPress LMS Plugin. Affected versions are up to 4.2.9.4 (and versions prior to 4.2.9.5 as per PT-2025-47660). The root cause is missing capability checks in the REST endpoint /wp-json/lp/v1/load_content_via_ajax, enabling arbitrary callbac...

CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

PT-2025-47660

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions prior to 4.2.9.5 Description The LearnPress – WordPress LMS Plugin for WordPress is affected by a sensitive information disclosure issue. Missing capability checks in the REST endpoint...

CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

PT-2020-7243 · Ibm · Ibm Infosphere Information Server +1

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 8.1, 8.5, and 8.7 Description: The issue is caused by improper restrictions on directories, allowing a remote authenticated attacker to obtain sensitive information. An attacker could exploit this vi...

WebAssist PowerCMS PHP - Multiple Web Vulnerabilities

Document Title: =============== WebAssist PowerCMS PHP - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1098 Release Date: ============= 2013-09-27 Vulnerability Laboratory ID VL-ID: ==================================== 1098...