CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24702 – LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24702
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed El plugin LearnPress de WordPress versiones anteriores a 4.1.3.1, no sanea o escapa apropiadamente de varias entradas dentro de la configuración del curso, que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting cuando la capacidad unfiltred_html no está permitida • https://wpscan.com/vulnerability/30635cc9-4415-48bb-9c67-ea670ea1b942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 11%CPEs: 1EXPL: 2CVE-2020-6010 – LearnPress <= 3.2.6.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection El plugin LearnPress Wordpress versiones anteriores e incluyendo a 3.2.6.7, es vulnerable a una Inyección SQL. LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the current_items parameter of the post-new.php page. • https://www.exploit-db.com/exploits/50137 http://packetstormsecurity.com/files/163536/WordPress-LearnPress-SQL-Injection.html https://plugins.trac.wordpress.org/browser/learnpress/trunk/readme.txt?rev=2288975 https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins https://wordpress.org/plugins/learnpress/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 6%CPEs: 1EXPL: 2CVE-2020-11511 – LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter
https://notcve.org/view.php?id=CVE-2020-11511
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. El plugin LearnPress versiones anteriores a 3.2.6.9 para WordPress, permite a atacantes remotos escalar privilegios de cualquier usuario a Instructor LP por medio del parámetro accept-to-be-teacher action WordPress LearnPress plugin versions prior to 3.2.6.9 suffer from a privilege escalation vulnerability. • http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html https://cwe.mitre.org/data/definitions/862.html https://wordpress.org/plugins/learnpress/#developers https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 6%CPEs: 1EXPL: 0CVE-2020-11510 – LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification
https://notcve.org/view.php?id=CVE-2020-11510
Versions below 3.2.6.9 allow an attacker to publish or trash any existing post or page, or even set it to a nonexistent status, at which point it would no longer appear on the site or be accessible from wp-admin, and could only be recovered by modifying its status in the database. • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7916 – LearnPress <= 3.2.6.6 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-7916
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. La función be_teacher en el archivo class-lp-admin-ajax.php en el plugin LearnPress versión 3.2.6.5 y anteriores para WordPress, permite que cualquier usuario registrado se asigne el rol teacher por medio del URI wp-admin/admin-ajax.php?action=learnpress_be_teacher sin ningunas comprobaciones de permiso adicionales. • https://wordpress.org/plugins/learnpress/#developers • CWE-269: Improper Privilege Management •