CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36516 – WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-36516
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. Vulnerabilidad de autorización faltante en ThimPress LearnPress. Este problema afecta a LearnPress: desde n/a hasta 4.2.3. The LearnPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on one of its functions in versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-3-authenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11510 – LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification
https://notcve.org/view.php?id=CVE-2020-11510
Versions below 3.2.6.9 allow an attacker to publish or trash any existing post or page, or even set it to a nonexistent status, at which point it would no longer appear on the site or be accessible from wp-admin, and could only be recovered by modifying its status in the database. • CWE-269: Improper Privilege Management •