CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/L1OudFd8cl09/CVE/issues/2 https://vuldb.com/?ctiid.266590 https://vuldb.com/?id.266590 https://vuldb.com/?submit.346310
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.7.3 via the REST API due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to view other users' course progress.
• CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation. This issue affects LMS: from n/a through 1.7.2. The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_logged_in_user() function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
• https://patchstack.com/database/vulnerability/learning-management-system/wordpress-lms-by-masteriyo-plugin-1-7-2-privilege-escalation-vulnerability?_s_id=cve
• CWE-269: Improper Privilege Management CWE-862: Missing Authorization

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.0. This is due to missing nonce validation on the save_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/cluevo-lms/wordpress-cluevo-lms-plugin-1-10-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The CLUEVO E-Learning Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping in the Course's module. This makes it possible for high privilege attackers, even when the unfiltered_html capability is disallowed, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://wpscan.com/vulnerability/723d0d07-c48b-4fe3-9fb2-7dae3c7d3cfb
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')