38 matches found
WordPress LearnPress plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter vulnerability
Authenticated Contributor+ SQL Injection via order Parameter vulnerability discovered by Lucio Sá in WordPress Plugin LearnPress versions = 4.2.6.9.3...
WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin LearnPress versions = 4.2.6.8.2...
WordPress LearnPress Plugin <= 4.2.6.8.2 is vulnerable to Insecure Direct Object References (IDOR)
Software LearnPress Type Plugin Vulnerable versions = 4.2.6.8.2 Fixed in 4.2.6.9 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-39642 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 051731ae418f Credits Rafie...
WordPress LearnPress plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API vulnerability
Basic Information Disclosure via JSON API vulnerability discovered by Khayal Farzaliyev shaman0x01 in WordPress Plugin LearnPress versions = 4.2.6.8...
WordPress LearnPress plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by stealthcopter in WordPress Plugin LearnPress versions = 4.2.6.6...
WordPress plugin LearnPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress LearnPress plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via layouthtml Parameter vulnerability discovered by stealthcopter in WordPress Plugin LearnPress versions = 4.2.6.5...
WordPress LearnPress plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload vulnerability
Authenticated Instructor+ Arbitrary File Upload vulnerability discovered by JoanClarke2 in WordPress Plugin LearnPress versions = 4.2.6.5...
WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Cross Site Scripting (XSS)
Software LearnPress Type Plugin Vulnerable versions = 4.2.6.5 Fixed in 4.2.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4277 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ad5ee25dcd1 Credits stealthcopter Required...
WordPress LearnPress plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin LearnPress versions = 4.2.6.4...
PT-2024-18067 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Course, Lesson, and Quiz title and...
WordPress LearnPress plugin <= 4.2.6.3 - Insecure Direct Object Reference vulnerability
Insecure Direct Object Reference vulnerability discovered by drop in WordPress Plugin LearnPress versions = 4.2.6.3...
WordPress LearnPress Plugin <= 4.2.6.3 is vulnerable to Cross Site Scripting (XSS)
Software LearnPress Type Plugin Vulnerable versions = 4.2.6.3 Fixed in 4.2.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1463 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 652c7a60489a Credits drop Required privilege L...
WordPress LearnPress Plugin <= 4.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software LearnPress Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2115 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 56ca5ed54f87 Credits Tim Coen Required privile...
WordPress Plugin LearnPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin LearnPress...
CVE-2022-45820 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
SQL Injection SQLi vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...
Wordpress LearnPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.LearnPress is a learning management system plugin used in it. A SQL injection vulnerability exists in Wordpress LearnPress...
WordPress LearnPress Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress LearnDash Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...