Learnpress Security Vulnerabilities and Issues — Learnpress CVE List

Lucene search

ThimpressLearnpress

9 matches found

CVE•added 2020/04/30 3:15 p.m.•151 views

CVE-2020-6010

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection

8.8CVSS8.9AI score0.455EPSS

CVE•added 2021/07/30 2:15 p.m.•117 views

CVE-2020-11511

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.

8.1CVSS8.1AI score0.02816EPSS

CVE•added 2024/04/05 8:15 a.m.•60 views

CVE-2024-2115

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate the...

8.8CVSS8.6AI score0.00199EPSS

CVE•added 2024/08/26 9:15 p.m.•53 views

CVE-2024-39641

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.

8.8CVSS7AI score0.00052EPSS

CVE•added 2022/10/31 4:15 p.m.•50 views

CVE-2022-3360

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers ...

8.1CVSS8.6AI score0.11512EPSS

CVE•added 2024/05/14 3:43 p.m.•47 views

CVE-2024-4397

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...

8.8CVSS7.5AI score0.06359EPSS

CVE•added 2024/06/19 3:15 p.m.•43 views

CVE-2023-36516

Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.

8.8CVSS7.9AI score0.00304EPSS

CVE•added 2024/07/25 11:15 a.m.•41 views

CVE-2024-6589

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include ...

8.8CVSS8.9AI score0.02555EPSS

CVE•added 2024/08/08 6:15 a.m.•38 views

CVE-2024-7548

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

8.8CVSS8.7AI score0.00655EPSS