Lucene search
K

183 matches found

RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.5 views

CVE-2026-5207

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/11 3:30 a.m.3 views

EUVD-2026-21660

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/11 1:24 a.m.29 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.2 views

PT-2026-32090

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/10 3:31 p.m.5 views

EUVD-2026-21390

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

5.8AI score0.00319EPSS
Exploits1References2
NVD
NVD
added 2026/04/10 3:16 p.m.3 views

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

9.8CVSS0.00319EPSS
Exploits1References1
CVE
CVE
added 2026/04/10 12:0 a.m.11 views

CVE-2026-36233

CVE-2026-36233 concerns a SQL injection in the itsourcecode Online Student Enrollment System v1.0 , specifically in the file assignInstructorSubjects.php . The issue arises because the vulnerable parameter subjcode is used directly in SQL queries without proper cleaning/validation, enabling attac...

9.8CVSS5.9AI score0.00319EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 12:0 a.m.3 views

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

5.9AI score0.00319EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.143 views

📄 WordPress Tutor LMS 3.9.5 Insecure Direct Object Reference

WordPress Tutor LMS plugin versions 3.9.5 and below suffer from broken access control and insecure direct object reference vulnerabilities. CVE-2026-1375: Authenticated IDOR / Broken Access Control in Tutor LMS Plugin Disclaimer: This repository is created for educational purposes and ethical...

8.1CVSS5.8AI score0.00345EPSS
Exploits1
CVE
CVE
added 2026/04/10 12:0 a.m.16 views

CVE-2026-36232

Summary: CVE-2026-36232 affects the itsourcecode Online Student Enrollment System v1.0, via the file instructorClasses.php . The issue arises because the parameter classId from $_GET['classId'] is directly concatenated into an SQL query without sanitization or validation, enabling SQL injection. ...

9.8CVSS5.8AI score0.00319EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

itsourcecode Online Student Enrollment System 安全漏洞

itsourcecode Online Student Enrollment System is an open-source online enrollment system developed by itsourcecode. Version 1.0 of the itsourcecode Online Student Enrollment System contains a security vulnerability. This vulnerability arises from the classId parameter in the instructorClasses.php...

9.8CVSS5.8AI score0.00319EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.10 views

PT-2026-31929

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $ GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

5.8AI score0.00319EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/10 12:0 a.m.30 views

CVE-2026-36232

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

0.00319EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 3:15 a.m.7 views

CVE-2026-3226

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS0.002EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/05 8:6 p.m.26 views

CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS0.00223EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 8:6 p.m.5 views

CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS5.7AI score0.00223EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.6 views

CVE-2026-1375

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References IDOR in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the courselistbulkaction, bulkdeletecourse, and...

8.1CVSS5.5AI score0.00345EPSS
Exploits1References1
CVE
CVE
added 2026/02/03 4:58 p.m.16 views

CVE-2026-24665

Open eClass (formerly GUnet eClass) is affected by CVE-2026-24665 due to a stored XSS vulnerability in uploaded assignment files. Before version 4.2, authenticated students could inject JavaScript that executes when instructors view submissions. The issue has been addressed in version 4.2. Remedi...

8.7CVSS5.3AI score0.00182EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/02/03 7:31 a.m.6 views

EUVD-2026-5274

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References IDOR in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the courselistbulkaction, bulkdeletecourse, and...

8.1CVSS5.5AI score0.00345EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6197

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A stored Cross-Site Scripting XSS issue exists in versions before 4.2, enabling authenticated students to...

8.7CVSS5.6AI score0.00182EPSS
Exploits1References6
Rows per page
Query Builder