CVE-2024-1289
Published 2024-04-09
CVE-2024-1289: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due…
Priority: P427 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.39% (30.9th percentile)
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| angular | angular | 1.3.0-rc.4 – 1.8.3 | — |
| servo | idna | >= 0 < 1.0.0 | 1.0.0 |
| thimpress | learnpress | < 4.2.6.4 | 4.2.6.4 |
| thimpress | learnpress_wordpress_lms_plugin_for_create_and_sell_online_courses | <= 4.2.6.3 | — |
CVSS provenance
nvd · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vendor_redhat · 5.1 MEDIUM
GHSA
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
ghsa·2024-12-09
CVE-2024-12224 [MEDIUM] CWE-1289 `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
`idna` 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with `idna` 0.5.0 or earlier.
Concretely, `example.org` and `xn--example-.org` become equal after processing by `idna` 0.5.0 or earlier. Also, `example.org.xn--` and `example.org.` become equal after processing by `idna` 0.5.0 or earlier.
In applications using `idna` (but not in `idna` itself) this may be able to lead to privilege escalation when host name comparison is part of a privilege check and the behavior is combi
GHSA
AngularJS allows attackers to bypass common image source restrictions
ghsa·2024-09-09
CVE-2024-8372 [LOW] CWE-1289 AngularJS allows attackers to bypass common image source restrictions
Improper sanitization of the value of the `[srcset]` attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
GHSA
GHSA-qh29-9j77-hqw6: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4
ghsa_unreviewed·2024-04-09
CVE-2024-1289 [MEDIUM] CWE-285 GHSA-qh29-9j77-hqw6: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed.
Red Hat
idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded
vendor_redhat·2025-05-30·CVSS 5.1
CVE-2024-12224 [MEDIUM] CWE-1289 idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
A flaw was found in idna crate. This vulnerability allows hostname spoofing and potential privilege escalation via specially crafted Punycode labels that render as ASCII or empty labels, leading to incorrect equality comparisons during hostname validation.
Statement: This issue was rated as moderate because certain hostnames can be interpreted incorrectly by idna, potentially allowing an attacker to bypass hostname checks. Exploitation req
Red Hat
angularjs: From NVD collector
vendor_redhat·2024-09-09·CVSS 4.8
CVE-2024-8372 [MEDIUM] CWE-1289 angularjs: From NVD collector
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
A flaw was found in AngularJS. Improper sanitization of the srcset attribute may allow attackers to bypass common image source restrictions, allowing Content Spoofing.
Mitigation: Currently no mitigation is available for this vulnerability.
Package: openshift-logging/kibana
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042945%40learnpress%2Ftags%2F4.2.6.3&new=3061851%40learnpress%2Ftags%2F4.2.6.4
https://www.wordfence.com/threat-intel/vulnerabilities/id/0c410d91-08cc-496d-9c8e-c57f107399da?source=cve
Published: 2024-04-09