CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16174 – LearnPress <= 3.0.12 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-16174
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redirección abierta en LearnPress, en versiones anteriores a la 3.1.0, permite que atacantes remotos redireccionen a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16175 – LearnPress <= 3.0.12 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2018-16175
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en LearnPress, en versiones anteriores a la 3.1.0, permite que un atacante con derechos de administrador ejecute comandos SQL arbitrarios mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16173 – LearnPress <= 3.0.12 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16173
Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad Cross-Site Scripting (XSS) en versiones anteriores a la 3.1.0 de LearnPress permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •