Lucene search
K

808 matches found

wpexploit
wpexploit
added 2021/09/20 12:0 a.m.532 views

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltredhtml capability is disallowed When adding new courses, the following fields can have XSS payloads like "alert1...

4.8CVSS0.2AI score0.00661EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2021/08/27 7:3 p.m.68 views

Metasploit Wrap-Up

LearnPress authenticated SQL injection Metasploit contributor h00die added a new module that exploits CVE-2020-6010, an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to...

6.5CVSS8.8AI score0.49231EPSS
Exploits6
Metasploit
Metasploit
added 2021/08/26 5:42 p.m.194 views

Wordpress LearnPress current_items Authenticated SQLi

LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the currentitems parameter of the post-new.php page. Module Options msf use auxiliary/scanner/http/wplearnpresssqli msf auxiliarywplearnpresssqli show actions ...actions... m...

8.8CVSS8.9AI score0.49231EPSS
Exploits6
NVD
NVD
added 2021/07/30 2:15 p.m.32 views

CVE-2020-11511

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter...

8.1CVSS0.03209EPSS
Exploits5References4
OSV
OSV
added 2021/07/30 2:15 p.m.4 views

CVE-2020-11511

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter...

8.1CVSS5.8AI score0.03209EPSS
Exploits5References4
Prion
Prion
added 2021/07/30 2:15 p.m.20 views

Design/Logic Flaw

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter...

6.8CVSS8.2AI score0.03209EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2021/07/27 4:56 a.m.150 views

CVE-2020-11511

The CVE-2020-11511 entry concerns the LearnPress WordPress plugin (versions prior to 3.2.6.9). A privilege-escalation flaw exists in the learn_press_accept_become_a_teacher function, where the code does not properly check permissions; remote attackers can escalate privileges to LP Instructor via ...

8.1CVSS8.1AI score0.03209EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2021/07/27 4:56 a.m.29 views

CVE-2020-11511

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter...

8.6AI score0.03209EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2021/07/27 12:0 a.m.6 views

PT-2021-9421 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress plugin versions prior to 3.2.6.9 for WordPress Description: The issue allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. Recommendations: For versions prio...

8.1CVSS8.1AI score0.03209EPSS
Exploits5References7
Packet Storm
Packet Storm
added 2021/07/19 12:0 a.m.231 views

WordPress LearnPress Privilege Escalation

Exploit Title: WordPress Plugin LearnPress /wp-admin/?action=accept-to-be-teacher&userid= Done!...

0.6AI score0.03209EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/07/19 12:0 a.m.532 views

WordPress LearnPress SQL Injection

Exploit Title: WordPress Plugin LearnPress /wp-admin 2. Login with a cred 3. Execute the payload POST /wordpress/wp-admin/post-new.php?posttype=lporder HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0 Gecko/20100101 Firefox/89.0 Accept: application/json,...

6.5CVSS0.2AI score0.49231EPSS
Exploits6
0day.today
0day.today
added 2021/07/19 12:0 a.m.145 views

WordPress LearnPress 3.2.6.8 Plugin - Privilege Escalation Vulnerability

Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin/?action=accept-to-be-teacher&userid= Done!...

8.1CVSS0.5AI score0.03209EPSS
Exploits5
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.11 views

WordPress 安全漏洞

WordPress is a blogging platform developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers.LearnPress is a learning management system plugin used in it. A security vulnerability exists in versions of the WordPress...

8.1CVSS7.9AI score0.03209EPSS
Exploits5References6
0day.today
0day.today
added 2021/07/19 12:0 a.m.147 views

WordPress LearnPress 3.2.6.7 Plugin - (current_items) SQL Injection (Authenticated) Vulnerability

Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login with a cred 3...

8.8CVSS0.1AI score0.49231EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/07/19 12:0 a.m.261 views

WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation

Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version:...

8.1CVSS8.2AI score0.03209EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/07/19 12:0 a.m.581 views

WordPress Plugin LearnPress 3.2.6.7 - &#039;current_items&#039; SQL Injection (Authenticated)

Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login wi...

8.8CVSS8.8AI score0.49231EPSS
Exploits6
Patchstack
Patchstack
added 2020/09/09 12:0 a.m.11 views

WordPress LearnPress plugin <= 3.2.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Antony Garand Sucuri in WordPress LearnPress plugin versions = 3.2.7.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.7.3...

2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/09 12:0 a.m.12 views

LearnPress < 3.2.7.3 - CSRF & XSS

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting XSS within the admin panel, which could be exploited by using s Cross-Site Request Forgery CSRF attack...

2.2AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/05/14 12:0 a.m.32 views

LearnPress Plugin for WordPress < 3.2.6.9 Multiple Vulnerabilities

The WordPress LearnPress Plugin installed on the remote host is affected by multiple vulnerabilities : - A SQL injection vulnerability exists in the getitems method of the LPModalSearchItems class due to improper validation of user-supplied input. An authenticated, remote attacker can exploit thi...

8.8CVSS9.3AI score0.49231EPSS
Exploits11References4
CNVD
CNVD
added 2020/05/07 12:0 a.m.9 views

Wordpress LearnPress SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.LearnPress is a learning management system plugin used in it. A SQL injection vulnerability exists in Wordpress LearnPress...

8.8CVSS8.1AI score0.49231EPSS
Exploits6References1
Rows per page
Query Builder