Unknown Learnpress vulnerabilities
6 known vulnerabilities affecting unknown/learnpress.
Total CVEs: 6
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: MEDIUM 6
Vulnerabilities
CVE-2024-13128 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 4.2.7.5.1 | 2025-05-15
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
cvelistv5, nvd
CVE-2024-13127 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 4.2.7.5.1 | 2025-05-15
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
cvelistv5, nvd
CVE-2024-10010 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 4.2.7.2 | 2024-12-12
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
cvelistv5, nvd
CVE-2024-9881 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 4.2.7.2 | 2024-12-12
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
cvelistv5, nvd
CVE-2023-5558 | MEDIUM | CVSS 6.1 | PoC | CWE-79 | fixed in 4.2.5.5 | 2024-01-16
The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
cvelistv5, nvd
CVE-2022-0377 | MEDIUM | CVSS 4.3 | PoC | CWE-327 | fixed in 4.1.5 | 2022-02-28
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-s
cvelistv5, nvd