2 matches found
CVE-2024-4397
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...
WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Arbitrary File Upload
Software LearnPress Type Plugin Vulnerable versions = 4.2.6.5 Fixed in 4.2.6.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4397 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID e486f6c14d9b Credits JoanClarke2 Required privilege...