Thimpress

Learnpress

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-13127

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:38
  • Zuletzt bearbeitet 22.05.2025 19:05:55

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal...

5.3

CVE-2025-22739

  • EPSS 0.23%
  • Veröffentlicht 27.03.2025 21:46:01
  • Zuletzt bearbeitet 28.03.2025 18:11:40

Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5.

4.7

CVE-2025-24740

  • EPSS 0.09%
  • Veröffentlicht 27.01.2025 15:15:16
  • Zuletzt bearbeitet 27.01.2025 15:15:16

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.

5.4

CVE-2024-13599

  • EPSS 0.07%
  • Veröffentlicht 25.01.2025 08:15:10
  • Zuletzt bearbeitet 04.02.2025 18:13:20

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible ...

4.8

CVE-2024-9881

Exploit
  • EPSS 0.2%
  • Veröffentlicht 12.12.2024 06:15:24
  • Zuletzt bearbeitet 07.05.2025 12:45:39

The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

4.8

CVE-2024-10010

Exploit
  • EPSS 0.15%
  • Veröffentlicht 12.12.2024 06:15:18
  • Zuletzt bearbeitet 07.05.2025 13:28:46

The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

5.3

CVE-2024-11868

  • EPSS 6.41%
  • Veröffentlicht 10.12.2024 13:15:15
  • Zuletzt bearbeitet 14.01.2025 21:36:35

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers t...

7.5

CVE-2024-8529

  • EPSS 69.53%
  • Veröffentlicht 12.09.2024 09:15:05
  • Zuletzt bearbeitet 13.09.2024 16:11:25

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient esca...

7.5

CVE-2024-8522

  • EPSS 88.05%
  • Veröffentlicht 12.09.2024 09:15:05
  • Zuletzt bearbeitet 13.09.2024 16:12:30

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escapi...

8.8

CVE-2024-39641

  • EPSS 0.15%
  • Veröffentlicht 26.08.2024 21:15:23
  • Zuletzt bearbeitet 18.09.2024 16:57:25

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.