Lucene search
K

807 matches found

cvelist
cvelist
added 2026/06/01 2:41 p.m.32 views

CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS0.00198EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/01 2:41 p.m.10 views

CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS5.8AI score0.00198EPSS
Exploits0References1
cve
cve
added 2026/06/01 2:41 p.m.22 views

CVE-2026-48865

CVE-2026-48865 affects the WordPress LearnPress plugin up to version 4.3.6. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. CVSSv3.1 metrics indicate a network attack vector, with low attack complexity, no pr...

7.1CVSS5.8AI score0.00198EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/01 2:41 p.m.10 views

CVE-2026-48865

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS5.8AI score0.00198EPSS
Exploits0References1
euvd
euvd
added 2026/06/01 2:41 p.m.17 views

EUVD-2026-33651

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS5.8AI score0.00198EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/01 1:37 p.m.13 views

WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin LearnPress versions = 4.3.6...

7.1CVSS5.8AI score0.00198EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.24 views

PT-2026-45439

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...

7.1CVSS5.9AI score0.00198EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

WordPress plugin LearnPress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00198EPSS
Exploits0References1
nvd
nvd
added 2026/05/14 5:16 a.m.24 views

CVE-2026-7648

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS0.00423EPSS
Exploits0References8
cve
cve
added 2026/05/14 3:27 a.m.21 views

CVE-2026-7648

The LearnPress WordPress LMS plugin (versions up to 4.3.5) is affected by a payment bypass via a user-controlled parameter in the REST API. In add_to_cart(), unsanitized request parameters are passed via array_merge(), allowing an attacker with subscriber-level access or higher to overwrite hardc...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References8
euvd
euvd
added 2026/05/14 3:27 a.m.11 views

EUVD-2026-30218

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References8
cvelist
cvelist
added 2026/05/14 3:27 a.m.66 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS0.00423EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2026/05/14 3:27 a.m.7 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/05/14 3:27 a.m.8 views

CVE-2026-7648

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/05/14 12:0 a.m.29 views

WordPress plugin LearnPress – WordPress LMS Plugin for Create and Sell Online Courses 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References1
patchstack
patchstack
added 2026/05/13 3:21 p.m.10 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment vulnerability

Authenticated Subscriber+ Payment Bypass to Free Course Enrollment vulnerability discovered by winrace in WordPress Plugin LearnPress versions = 4.3.5...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/04/14 11:1 a.m.5 views

WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin LearnPress versions = 4.3.2.8...

9.1CVSS5.8AI score0.00867EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/04/14 2:16 a.m.5 views

CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS0.00867EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/14 1:24 a.m.31 views

CVE-2026-4365 LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS0.00867EPSS
Exploits0References4
cve
cve
added 2026/04/14 1:24 a.m.14 views

CVE-2026-4365

The CVE covers the LearnPress WordPress plugin up to version 4.3.2.8. A missing capability check in delete_question_answer() creates an authorization flaw. The plugin exposes a wp_rest nonce in public frontend HTML (lpData) to unauthenticated visitors and uses that nonce as the sole security gate...

9.1CVSS5.8AI score0.00867EPSS
Exploits0References4
Rows per page
Query Builder