Thimpress

Learnpress

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-36515

  • EPSS 0.5%
  • Veröffentlicht 19.06.2024 15:15:56
  • Zuletzt bearbeitet 21.11.2024 08:09:51

Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.

5.3

CVE-2024-5483

  • EPSS 5.52%
  • Veröffentlicht 05.06.2024 03:15:08
  • Zuletzt bearbeitet 08.04.2026 17:19:04

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible f...

5.4

CVE-2024-4971

  • EPSS 0.63%
  • Veröffentlicht 22.05.2024 06:15:14
  • Zuletzt bearbeitet 08.04.2026 17:18:59

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it ...

6.5

CVE-2024-4444

Exploit
  • EPSS 0.93%
  • Veröffentlicht 14.05.2024 15:43:46
  • Zuletzt bearbeitet 08.04.2026 19:21:38

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible ...

9.8

CVE-2024-4434

Exploit
  • EPSS 77.09%
  • Veröffentlicht 14.05.2024 15:43:44
  • Zuletzt bearbeitet 08.04.2026 17:18:54

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of suffici...

8.8

CVE-2024-4397

  • EPSS 9.39%
  • Veröffentlicht 14.05.2024 15:43:31
  • Zuletzt bearbeitet 08.04.2026 19:21:37

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authent...

5.4

CVE-2024-4277

  • EPSS 0.2%
  • Veröffentlicht 14.05.2024 15:43:12
  • Zuletzt bearbeitet 08.04.2026 18:21:44

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This mak...

5.4

CVE-2024-3560

  • EPSS 0.17%
  • Veröffentlicht 19.04.2024 02:15:10
  • Zuletzt bearbeitet 08.04.2026 18:21:27

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attrib...

7.1

CVE-2024-32588

  • EPSS 1.14%
  • Veröffentlicht 18.04.2024 09:15:12
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3.

4.8

CVE-2024-1463

  • EPSS 0.24%
  • Veröffentlicht 09.04.2024 19:15:17
  • Zuletzt bearbeitet 08.04.2026 19:20:42

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output...