Thimpress

Learnpress

66 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-6099

  • EPSS 0.42%
  • Veröffentlicht 02.07.2024 11:15:10
  • Zuletzt bearbeitet 08.04.2026 18:22:17

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout...

5.3

CVE-2024-6088

  • EPSS 0.62%
  • Veröffentlicht 02.07.2024 11:15:10
  • Zuletzt bearbeitet 08.04.2026 17:19:08

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauth...

8.8

CVE-2023-36516

  • EPSS 0.41%
  • Veröffentlicht 19.06.2024 15:15:57
  • Zuletzt bearbeitet 21.11.2024 08:09:51

Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.

9.8

CVE-2023-36515

  • EPSS 0.36%
  • Veröffentlicht 19.06.2024 15:15:56
  • Zuletzt bearbeitet 21.11.2024 08:09:51

Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.

5.3

CVE-2024-5483

  • EPSS 1.01%
  • Veröffentlicht 05.06.2024 03:15:08
  • Zuletzt bearbeitet 08.04.2026 17:19:04

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible f...

5.4

CVE-2024-4971

  • EPSS 0.3%
  • Veröffentlicht 22.05.2024 06:15:14
  • Zuletzt bearbeitet 08.04.2026 17:18:59

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it ...

6.5

CVE-2024-4444

Exploit
  • EPSS 0.71%
  • Veröffentlicht 14.05.2024 15:43:46
  • Zuletzt bearbeitet 08.04.2026 19:21:38

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible ...

9.8

CVE-2024-4434

Exploit
  • EPSS 36.93%
  • Veröffentlicht 14.05.2024 15:43:44
  • Zuletzt bearbeitet 08.04.2026 17:18:54

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of suffici...

8.8

CVE-2024-4397

  • EPSS 1.03%
  • Veröffentlicht 14.05.2024 15:43:31
  • Zuletzt bearbeitet 08.04.2026 19:21:37

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authent...

5.4

CVE-2024-4277

  • EPSS 0.34%
  • Veröffentlicht 14.05.2024 15:43:12
  • Zuletzt bearbeitet 08.04.2026 18:21:44

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This mak...