Lucene search
K

108 matches found

Vulnrichment
Vulnrichment
added 2025/06/27 11:52 a.m.3 views

CVE-2025-52799 WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1...

7.1CVSS6.5AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.4 views

WordPress plugin LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/23 12:0 a.m.7 views

WordPress LMS Theme <= 9.1 is vulnerable to Cross Site Scripting (XSS)

Software LMS Type Theme Vulnerable versions = 9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-52799 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fe340a188e96 Credits Ann Required privilege Unauthenticated Published ...

6.8AI score0.0018EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.4 views

CVE-2024-4971

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.4CVSS6AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:8 a.m.9 views

CVE-2024-13599

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.5 views

CVE-2021-24504

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any use...

6.1CVSS6.1AI score0.00762EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/19 3:55 p.m.7 views

CVE-2024-33939 WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3...

5.3CVSS5.3AI score0.00843EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 3:55 p.m.14 views

CVE-2024-33939 WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.7.3...

5.3CVSS0.00843EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 12:9 a.m.13 views

CVE-2022-47615

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.8CVSS6.7AI score0.05063EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:29 p.m.14 views

CVE-2022-45808

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.9CVSS7.9AI score0.04269EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:27 p.m.13 views

CVE-2022-45820

SQL Injection SQLi vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...

9.1CVSS7.9AI score0.01005EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:13 a.m.6 views

CVE-2024-56045

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplmsplugin allows Path Traversal.This issue affects WPLMS: from n/a through 1.9.9.5...

9.3CVSS7.4AI score0.00663EPSS
Exploits0References1
NVD
NVD
added 2025/01/25 8:15 a.m.20 views

CVE-2024-13599

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP...

6.4CVSS0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.6 views

PT-2024-36691 · Vibethemes · Wplms

Name of the Vulnerable Software and Affected Versions: WPLMS versions prior to 1.9.9.5.2 Description: The issue affects VibeThemes WPLMS, allowing Path Traversal due to the '.../...//' vulnerability. Recommendations: For versions prior to 1.9.9.5.2, update to version 1.9.9.5.2 or later to resolve...

8.5CVSS9.7AI score0.00459EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/12/10 12:24 p.m.13 views

CVE-2024-11868 LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

5.3CVSS6.9AI score0.01131EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/10 12:24 p.m.39 views

CVE-2024-11868 LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

5.3CVSS0.01131EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.9 views

PT-2024-17305

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.3 Description The issue concerns Sensitive Information Exposure, allowing unauthenticated attackers to extract potentially sensitive paid course material through the...

5.3CVSS5.3AI score0.01131EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/11/09 5:40 a.m.17 views

CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

9.8CVSS8.1AI score0.33856EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/11/09 5:40 a.m.30 views

CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

9.8CVSS0.33856EPSS
Exploits2References2
CVE
CVE
added 2024/11/09 5:40 a.m.80 views

CVE-2024-10470

The CVE describes an unauthenticated path-traversal/file-read and delete vulnerability in the WPLMS Learning Management System WordPress theme (versions

9.8CVSS9.8AI score0.33856EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder