3 matches found
CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...
CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...
PT-2024-17776 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.3 Description: The issue allows authenticated attackers to obtain information on orders placed by other users and guests due to missing validation on a user controlled key...