2 matches found
CVE-2023-40607
CVE-2023-40607 is a CSRF vulnerability in the WordPress plugin CLUEVO LMS, E-Learning Platform , affecting versions ≤ 1.10.0 . The issue could enable an unauthenticated attacker to trigger actions on behalf of a user; remediation is to upgrade to version 1.11.0 or newer . Public sources show vary...
CVE-2021-25029
CVE-2021-25029 affects the WordPress CLUEVO LMS plugin prior to version 1.8.1. The vulnerability arises because the plugin does not sanitize and escape data in the Course module, enabling stored Cross‑Site Scripting (XSS) by high-privilege users even when unfiltered_html is disallowed. Impact is ...