Thimpress

Learnpress

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-4434

Exploit
  • EPSS 77.09%
  • Veröffentlicht 14.05.2024 15:43:44
  • Zuletzt bearbeitet 15.01.2025 20:05:02

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of suffici...

8.8

CVE-2024-4397

  • EPSS 14.89%
  • Veröffentlicht 14.05.2024 15:43:31
  • Zuletzt bearbeitet 15.01.2025 21:23:41

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authent...

5.4

CVE-2024-4277

  • EPSS 0.2%
  • Veröffentlicht 14.05.2024 15:43:12
  • Zuletzt bearbeitet 15.01.2025 18:34:18

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This mak...

5.4

CVE-2024-3560

  • EPSS 0.17%
  • Veröffentlicht 19.04.2024 02:15:10
  • Zuletzt bearbeitet 08.01.2025 17:25:20

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attrib...

7.1

CVE-2024-32588

  • EPSS 1.14%
  • Veröffentlicht 18.04.2024 09:15:12
  • Zuletzt bearbeitet 21.11.2024 09:15:14

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3.

4.8

CVE-2024-1463

  • EPSS 0.24%
  • Veröffentlicht 09.04.2024 19:15:17
  • Zuletzt bearbeitet 09.01.2025 17:37:21

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output...

5.4

CVE-2024-1289

  • EPSS 0.2%
  • Veröffentlicht 09.04.2024 19:15:15
  • Zuletzt bearbeitet 09.01.2025 17:41:10

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This make...

7.6

CVE-2024-31241

  • EPSS 0.2%
  • Veröffentlicht 07.04.2024 18:15:09
  • Zuletzt bearbeitet 21.11.2024 09:13:06

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.

8.8

CVE-2024-2115

  • EPSS 0.27%
  • Veröffentlicht 05.04.2024 08:15:07
  • Zuletzt bearbeitet 08.01.2025 18:02:33

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it poss...

6.1

CVE-2023-5558

Exploit
  • EPSS 3.06%
  • Veröffentlicht 16.01.2024 16:15:13
  • Zuletzt bearbeitet 21.11.2024 08:42:00

The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.