Lucene search
K

4 matches found

NVD
NVD
added 2024/06/05 9:15 a.m.17 views

CVE-2024-4743

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlmsfavorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS9.5AI score0.00457EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/05 8:33 a.m.10 views

CVE-2024-4743 LifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlmsfavorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS7.2AI score0.00457EPSS
Exploits0References2
CVE
CVE
added 2024/06/05 8:33 a.m.68 views

CVE-2024-4743

CVE-2024-4743 affects LifterLMS – WP LMS for eLearning. It is a SQL Injection via the lifterlms_favorites shortcode’s orderBy parameter in all versions up to 7.6.2, caused by insufficient escaping and incomplete query preparation. An authenticated attacker with Contributor-level access can inject...

8.8CVSS8AI score0.00457EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/06/05 8:33 a.m.26 views

CVE-2024-4743 LifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlmsfavorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS9.5AI score0.00457EPSS
Exploits0References2
Rows per page
Query Builder