Thimpress Learnpress vulnerabilities
50 known vulnerabilities affecting thimpress/learnpress.
Total CVEs
50
CISA KEV
0
Public exploits
13
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH14MEDIUM28UNKNOWN2
Vulnerabilities
Page 2 of 3
CVE-2024-5483MEDIUMCVSS 5.3PoCfixed in 4.2.6.8.12024-06-05
CVE-2024-5483 [MEDIUM] CWE-200 CVE-2024-5483: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Ex
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails
nvd
CVE-2024-4971MEDIUMCVSS 5.4fixed in 4.2.6.72024-05-22
CVE-2024-4971 [MEDIUM] CWE-79 CVE-2024-4971: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scr
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can
nvd
CVE-2024-4434CRITICALCVSS 9.8PoCfixed in 4.2.6.62024-05-14
CVE-2024-4434 [CRITICAL] CWE-89 CVE-2024-4434: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to app
nvd
CVE-2024-4397HIGHCVSS 8.8fixed in 4.2.6.62024-05-14
CVE-2024-4397 [HIGH] CWE-434 CVE-2024-4397: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads d
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected
nvd
CVE-2024-4444MEDIUMCVSS 6.5fixed in 4.2.6.62024-05-14
CVE-2024-4444 [MEDIUM] CWE-420 CVE-2024-4444: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registrat
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disa
nvd
CVE-2024-4277MEDIUMCVSS 5.4fixed in 4.2.6.62024-05-14
CVE-2024-4277 [MEDIUM] CWE-79 CVE-2024-4277: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary
nvd
CVE-2024-3560MEDIUMCVSS 5.4fixed in 4.2.6.52024-04-19
CVE-2024-3560 [MEDIUM] CWE-79 CVE-2024-3560: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to in
nvd
CVE-2024-1289MEDIUMCVSS 5.4fixed in 4.2.6.42024-04-09
CVE-2024-1289 [MEDIUM] CWE-285 CVE-2024-1289: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object R
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and gue
nvd
CVE-2024-1463MEDIUMCVSS 4.8fixed in 4.2.6.42024-04-09
CVE-2024-1463 [MEDIUM] CWE-79 CVE-2024-1463: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to injec
nvd
CVE-2024-2115HIGHCVSS 8.8fixed in 4.0.12024-04-05
CVE-2024-2115 [HIGH] CWE-352 CVE-2024-2115: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forge
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate their privileges to that of a teacher via a forged request
nvd
CVE-2023-5558MEDIUMCVSS 6.1PoCfixed in 4.2.5.52024-01-16
CVE-2023-5558 [MEDIUM] CWE-79 CVE-2023-5558: The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before output
The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
nvd
CVE-2023-6634CRITICALCVSS 9.8PoC≤ 4.2.5.72024-01-11
CVE-2023-6634 [CRITICAL] CWE-88 CVE-2023-6634: The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and in
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could resu
nvd
CVE-2023-6567HIGHCVSS 7.5PoCfixed in 4.2.5.82024-01-11
CVE-2023-6567 [HIGH] CWE-89 CVE-2023-6567: The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ par
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL que
nvd
CVE-2023-6223MEDIUMCVSS 4.3≤ 4.2.5.72024-01-11
CVE-2023-6223 [MEDIUM] CWE-639 CVE-2023-6223: The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the
nvd
CVE-2023-30487MEDIUMCVSS 6.1≤ 4.0.22023-05-18
CVE-2023-30487 [MEDIUM] CWE-79 CVE-2023-30487: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plu
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.
nvd
CVE-2022-45808CRITICALCVSS 9.8PoC≤ 4.1.7.3.22023-01-26
CVE-2022-45808 [CRITICAL] CWE-89 CVE-2022-45808: SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
nvd
CVE-2022-47615CRITICALCVSS 9.8PoCfixed in 4.2.02023-01-26
CVE-2022-47615 [CRITICAL] CWE-434 CVE-2022-47615: Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
nvd
CVE-2022-45820HIGHCVSS 8.8≤ 4.1.7.3.22023-01-26
CVE-2022-45820 [HIGH] CWE-89 CVE-2022-45820: SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
nvd
CVE-2022-3360HIGHCVSS 8.1fixed in 4.1.7.22022-10-31
CVE-2022-3360 [HIGH] CWE-502 CVE-2022-3360: The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint availa
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them t
nvd
CVE-2022-0271MEDIUMCVSS 6.1PoCfixed in 4.1.62022-04-11
CVE-2022-0271 [MEDIUM] CWE-79 CVE-2022-0271: The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice befo
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
nvd