Thimpress

Learnpress

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-1289

  • EPSS 0.2%
  • Veröffentlicht 09.04.2024 19:15:15
  • Zuletzt bearbeitet 08.04.2026 17:18:17

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This make...

7.6

CVE-2024-31241

  • EPSS 0.2%
  • Veröffentlicht 07.04.2024 18:15:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.

8.8

CVE-2024-2115

  • EPSS 0.27%
  • Veröffentlicht 05.04.2024 08:15:07
  • Zuletzt bearbeitet 08.04.2026 18:20:59

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it poss...

6.1

CVE-2023-5558

Exploit
  • EPSS 2.61%
  • Veröffentlicht 16.01.2024 16:15:13
  • Zuletzt bearbeitet 21.11.2024 08:42:00

The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

9.8

CVE-2023-6634

  • EPSS 91.33%
  • Veröffentlicht 11.01.2024 09:15:50
  • Zuletzt bearbeitet 08.04.2026 17:17:14

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it poss...

7.5

CVE-2023-6567

  • EPSS 82.26%
  • Veröffentlicht 11.01.2024 09:15:49
  • Zuletzt bearbeitet 08.04.2026 18:18:38

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.3

CVE-2023-6223

  • EPSS 0.15%
  • Veröffentlicht 11.01.2024 07:15:08
  • Zuletzt bearbeitet 08.04.2026 17:17:12

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This...

6.1

CVE-2023-30487

  • EPSS 0.11%
  • Veröffentlicht 18.05.2023 09:15:10
  • Zuletzt bearbeitet 21.11.2024 08:00:16

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.

9.8

CVE-2022-47615

Exploit
  • EPSS 82.99%
  • Veröffentlicht 26.01.2023 21:18:03
  • Zuletzt bearbeitet 21.11.2024 07:32:16

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

8.8

CVE-2022-45820

Exploit
  • EPSS 0.41%
  • Veröffentlicht 26.01.2023 21:17:55
  • Zuletzt bearbeitet 21.11.2024 07:29:46

SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.