CVE-2024-3560
- EPSS 0.32%
- Published 19.04.2024 02:15:10
- Last modified 08.04.2026 18:21:27
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attrib...
CVE-2024-32588
- EPSS 0.55%
- Published 18.04.2024 09:15:12
- Last modified 28.04.2026 19:24:49
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS. This issue affects LearnPress Export Import: from n/a through 4.0.3.
CVE-2024-1463
- EPSS 0.43%
- Published 09.04.2024 19:15:17
- Last modified 08.04.2026 19:20:42
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output...
CVE-2024-1289
- EPSS 0.39%
- Published 09.04.2024 19:15:15
- Last modified 08.04.2026 17:18:17
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This make...
CVE-2024-31241
- EPSS 0.49%
- Published 07.04.2024 18:15:09
- Last modified 28.04.2026 19:24:16
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import. This issue affects LearnPress Export Import: from n/a through 4.0.3.
CVE-2024-2115
- EPSS 0.27%
- Published 05.04.2024 08:15:07
- Last modified 08.04.2026 18:20:59
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it poss...
CVE-2023-5558
- EPSS 0.92%
- Published 16.01.2024 16:15:13
- Last modified 21.11.2024 08:42:00
The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-6634
- EPSS 8.54%
- Published 11.01.2024 09:15:50
- Last modified 08.04.2026 17:17:14
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it poss...
CVE-2023-6567
- EPSS 51.39%
- Published 11.01.2024 09:15:49
- Last modified 08.04.2026 18:18:38
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2023-6223
- EPSS 0.35%
- Published 11.01.2024 07:15:08
- Last modified 08.04.2026 17:17:12
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This...