2 matches found
CVE-2021-24951 LearnPress < 4.1.4 - Admin+ SQL Injection
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues...
CVE-2021-24951
The CVE-2021-24951 entry concerns the LearnPress WordPress plugin (prior to version 4.1.4). The exposed issue is a SQL injection in the duplicator flow where the id parameter is not properly sanitized, validated, or escaped before use in SQL statements (affecting course/lesson/quiz/question opera...