Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thimpress learnpress vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-6223
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible f...
Thimpress Learnpress
9.8
CVSSv3
CVE-2022-45808
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
Thimpress Learnpress
1 Github repository
8.8
CVSSv3
CVE-2022-45820
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
Thimpress Learnpress
6.1
CVSSv3
CVE-2023-5558
The LearnPress WordPress plugin prior to 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Thimpress Learnpress
9.8
CVSSv3
CVE-2022-47615
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
Thimpress Learnpress
1 Github repository
6.1
CVSSv3
CVE-2023-30487
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.
Thimpress Learnpress
8.1
CVSSv3
CVE-2022-3360
The LearnPress WordPress plugin prior to 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vul...
Thimpress Learnpress
5.3
CVSSv3
CVE-2024-5483
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated malic...
Thimpress Learnpress
4.3
CVSSv3
CVE-2022-0377
Users of the LearnPress WordPress plugin prior to 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for r...
Thimpress Learnpress
6.1
CVSSv3
CVE-2022-0271
The LearnPress WordPress plugin prior to 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
Thimpress Learnpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »