thimpress learnpress vulnerabilities and exploits
CVE-2023-6223 (CVSSv2: NA)
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible f...
Thimpress Learnpress

CVE-2020-6010 (CVSSv2: 6.5)
The LearnPress WordPress plugin, versions up to and including 3.2.6.7, is vulnerable to SQL injection.
Thimpress Learnpress

CVE-2023-6634 (CVSSv2: NA)
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated malic...
Thimpress Learnpress
1 GitHub repository

CVE-2018-16175 (CVSSv2: 6.5)
SQL injection vulnerability in LearnPress prior to version 3.1.0 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Thimpress Learnpress

CVE-2018-16173 (CVSSv2: 4.3)
Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Thimpress Learnpress

CVE-2018-16174 (CVSSv2: 5.8)
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Thimpress Learnpress

CVE-2020-7916 (CVSSv2: 4)
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and previous versions for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. There...
Thimpress Learnpress

CVE-2020-11511 (CVSSv2: 6.8)
The LearnPress plugin prior to 3.2.6.9 for WordPress allows remote malicious users to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
Thimpress Learnpress

CVE-2022-0271 (CVSSv2: 4.3)
The LearnPress WordPress plugin prior to 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to reflected Cross-Site Scripting.
Thimpress Learnpress

CVE-2023-30487 (CVSSv2: NA)
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the ThimPress LearnPress Export Import plugin, versions <= 4.0.2.
Thimpress Learnpress