Learnpress Security Vulnerabilities and Issues — Learnpress CVE List

Lucene search

ThimpressLearnpress

4 matches found

CVE•added 2021/07/30 2:15 p.m.•117 views

CVE-2020-11511

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.

8.1CVSS8.1AI score0.02816EPSS

CVE•added 2021/12/13 11:15 a.m.•39 views

CVE-2021-24951

The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues

9.8CVSS9.6AI score0.00546EPSS

CVE•added 2021/10/21 8:15 p.m.•39 views

CVE-2021-39348

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...

5.5CVSS4.7AI score0.00447EPSS

CVE•added 2021/10/18 2:15 p.m.•38 views

CVE-2021-24702

The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed

4.8CVSS4.8AI score0.00206EPSS