Lucene search

K

5 matches found

CVE
CVE
added 2024/04/05 8:15 a.m.60 views

CVE-2024-2115

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate the...

8.8CVSS8.6AI score0.00199EPSS
CVE
CVE
added 2024/04/09 7:15 p.m.53 views

CVE-2024-1463

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.8CVSS7.6AI score0.00176EPSS
CVE
CVE
added 2024/04/07 6:15 p.m.47 views

CVE-2024-31241

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.

7.6CVSS8.1AI score0.00148EPSS
CVE
CVE
added 2024/04/19 2:15 a.m.47 views

CVE-2024-3560

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at...

6.4CVSS5.7AI score0.00124EPSS
CVE
CVE
added 2024/04/09 7:15 p.m.41 views

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obta...

6.5CVSS8.8AI score0.00199EPSS