807 matches found
CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2026-48865
CVE-2026-48865 affects the WordPress LearnPress plugin up to version 4.3.6. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. CVSSv3.1 metrics indicate a network attack vector, with low attack complexity, no pr...
CVE-2026-48865
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
EUVD-2026-33651
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin LearnPress versions = 4.3.6...
PT-2026-45439
Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...
WordPress plugin LearnPress 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-7648
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...
CVE-2026-7648
The LearnPress WordPress LMS plugin (versions up to 4.3.5) is affected by a payment bypass via a user-controlled parameter in the REST API. In add_to_cart(), unsanitized request parameters are passed via array_merge(), allowing an attacker with subscriber-level access or higher to overwrite hardc...
EUVD-2026-30218
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...
CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...
CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...
CVE-2026-7648
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...
WordPress plugin LearnPress – WordPress LMS Plugin for Create and Sell Online Courses 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment vulnerability
Authenticated Subscriber+ Payment Bypass to Free Course Enrollment vulnerability discovered by winrace in WordPress Plugin LearnPress versions = 4.3.5...
WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin LearnPress versions = 4.3.2.8...
CVE-2026-4365
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...
CVE-2026-4365 LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...
CVE-2026-4365
The CVE covers the LearnPress WordPress plugin up to version 4.3.2.8. A missing capability check in delete_question_answer() creates an authorization flaw. The plugin exposes a wp_rest nonce in public frontend HTML (lpData) to unauthenticated visitors and uses that nonce as the sole security gate...