CVE-2025-32149
- EPSS 0.19%
- Veröffentlicht 04.04.2025 16:15:23
- Zuletzt bearbeitet 12.08.2025 18:37:33
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress allows SQL Injection. This issue affects teachPress: from n/a through 9.0.11.
CVE-2025-1320
- EPSS 0.03%
- Veröffentlicht 25.03.2025 07:15:38
- Zuletzt bearbeitet 11.08.2025 14:14:38
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attac...
CVE-2025-1321
- EPSS 0.1%
- Veröffentlicht 04.03.2025 04:15:11
- Zuletzt bearbeitet 05.03.2025 16:39:15
The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient pr...
CVE-2023-52129
- EPSS 0.05%
- Veröffentlicht 05.01.2024 09:15:09
- Zuletzt bearbeitet 21.11.2024 08:39:14
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.
CVE-2023-49163
- EPSS 0.06%
- Veröffentlicht 18.12.2023 23:15:08
- Zuletzt bearbeitet 21.11.2024 08:32:57
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.5.
CVE-2023-36501
- EPSS 0.09%
- Veröffentlicht 25.07.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 08:09:50
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions.
CVE-2023-22704
- EPSS 0.11%
- Veröffentlicht 23.03.2023 12:15:13
- Zuletzt bearbeitet 21.11.2024 07:45:15
Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions.