Learnpress@* Security Vulnerabilities and Issues — Learnpress@* CVE List

Lucene search

ThimpressLearnpress*

3 matches found

CVE•added 2022/04/11 3:15 p.m.•123 views

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting

6.1CVSS6AI score0.05551EPSS

CVE•added 2022/02/28 9:15 a.m.•84 views

CVE-2022-0377

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the ima...

4.3CVSS4.5AI score0.02681EPSS

CVE•added 2022/10/31 4:15 p.m.•50 views

CVE-2022-3360

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers ...

8.1CVSS8.6AI score0.09418EPSS