CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

178 matches found

LifterLMS < 8.0.1 - Cross-Site Scripting

LifterLMS WordPress plugin before 8.0.1 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin via a crafted request. id: CVE-2024-13619 info: name: LifterLMS 8.0.1 - Cross-Site Scripting author:...

6.1CVSS5.9AI score0.00168EPSS

Exploits1References3

RedhatCVE•added 2026/04/13 7:24 p.m.•2 views

CVE-2026-5207

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00013EPSS

Exploits0References1

Patchstack•added 2026/04/12 11:32 p.m.•2 views

WordPress LifterLMS plugin <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'order' Parameter vulnerability discovered by momopon1415 in WordPress Plugin LifterLMS versions = 9.2.1...

6.5CVSS6AI score0.00013EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/11 3:30 a.m.•0 views

EUVD-2026-21660

6.5CVSS6AI score0.00013EPSS

Exploits0References6

NVD•added 2026/04/11 2:16 a.m.•0 views

CVE-2026-5207

6.5CVSS0.00013EPSS

Exploits0References5

Cvelist•added 2026/04/11 1:24 a.m.•26 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

6.5CVSS0.00013EPSS

Exploits0References5

Vulnrichment•added 2026/04/11 1:24 a.m.•2 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

6.5CVSS6AI score0.00013EPSS

Exploits0References5

CVE•added 2026/04/11 1:24 a.m.•8 views

CVE-2026-5207

The CVE-2026-5207 entry concerns the LifterLMS WordPress plugin (versions up to 9.2.1). It describes an SQL Injection via the ‘order’ parameter due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated access at Instructor level (with edit_post capabi...

6.5CVSS6AI score0.00013EPSS

Exploits0References5

ATTACKERKB•added 2026/04/11 1:24 a.m.•1 views

CVE-2026-5207

6.5CVSS6AI score0.00013EPSS

Exploits0References6

Positive Technologies•added 2026/04/11 12:0 a.m.•0 views

PT-2026-32090

6.5CVSS6AI score0.00013EPSS

Exploits0References6

CNNVD•added 2026/04/11 12:0 a.m.•2 views

WordPress plugin LifterLMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00013EPSS

Exploits0References6

RedhatCVE•added 2025/11/14 4:6 a.m.•2 views

CVE-2025-11923

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...

8.8CVSS6.2AI score0.00083EPSS

Exploits0References1

Patchstack•added 2025/11/13 5:52 p.m.•4 views

WordPress LifterLMS plugin <= Various versions - Authenticated (Student+) Privilege Escalation vulnerability

Authenticated Student+ Privilege Escalation vulnerability discovered by shark3y in WordPress Plugin LifterLMS versions 9.1.0...

8.8CVSS6.7AI score0.00083EPSS

Exploits0References1Affected Software1

NVD•added 2025/11/13 4:15 a.m.•3 views

CVE-2025-11923

8.8CVSS0.00083EPSS

Exploits0References4

Cvelist•added 2025/11/13 3:27 a.m.•25 views

CVE-2025-11923 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation

8.8CVSS0.00083EPSS

Exploits0References4

CVE•added 2025/11/13 3:27 a.m.•15 views

CVE-2025-11923

CVE-2025-11923 (LifterLMS) — Summary for the WordPress plugin vulnerability Affected product: LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes (WordPress plugin). Root cause: Privilege escalation due to insufficient identity validation before allowing role modification via the REST API...

8.8CVSS5.8AI score0.00083EPSS

Exploits0References4

Vulnrichment•added 2025/11/13 3:27 a.m.•2 views

CVE-2025-11923 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation

8.8CVSS5.8AI score0.00083EPSS

Exploits0References4

EUVD•added 2025/11/13 3:27 a.m.•1 views

EUVD-2025-150405

8.8CVSS5.7AI score0.00083EPSS

Exploits0References5

Positive Technologies•added 2025/11/13 12:0 a.m.•3 views

PT-2025-46776

Name of the Vulnerable Software and Affected Versions LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin versions 3.5.3 through 3.41.2 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin versions 4.0.0 through 4.21.3 LifterLMS – WP LMS for eLearning, Online Courses,...

8.8CVSS6.5AI score0.00083EPSS

Exploits0References13

CNNVD•added 2025/11/13 12:0 a.m.•1 views

WordPress plugin LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.8CVSS6.5AI score0.00083EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by