Page 6 of 28 results (0.008 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en LearnPress, en versiones anteriores a la 3.1.0, permite que un atacante con derechos de administrador ejecute comandos SQL arbitrarios mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad Cross-Site Scripting (XSS) en versiones anteriores a la 3.1.0 de LearnPress permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redirección abierta en LearnPress, en versiones anteriores a la 3.1.0, permite que atacantes remotos redireccionen a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •