CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24702 – LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24702
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed El plugin LearnPress de WordPress versiones anteriores a 4.1.3.1, no sanea o escapa apropiadamente de varias entradas dentro de la configuración del curso, que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting cuando la capacidad unfiltred_html no está permitida • https://wpscan.com/vulnerability/30635cc9-4415-48bb-9c67-ea670ea1b942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 11%CPEs: 1EXPL: 2CVE-2020-6010 – LearnPress <= 3.2.6.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-6010
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection El plugin LearnPress Wordpress versiones anteriores e incluyendo a 3.2.6.7, es vulnerable a una Inyección SQL. LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the current_items parameter of the post-new.php page. • https://www.exploit-db.com/exploits/50137 http://packetstormsecurity.com/files/163536/WordPress-LearnPress-SQL-Injection.html https://plugins.trac.wordpress.org/browser/learnpress/trunk/readme.txt?rev=2288975 https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins https://wordpress.org/plugins/learnpress/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 8%CPEs: 1EXPL: 2CVE-2020-11511 – LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter
https://notcve.org/view.php?id=CVE-2020-11511
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. El plugin LearnPress versiones anteriores a 3.2.6.9 para WordPress, permite a atacantes remotos escalar privilegios de cualquier usuario a Instructor LP por medio del parámetro accept-to-be-teacher action WordPress LearnPress plugin versions prior to 3.2.6.9 suffer from a privilege escalation vulnerability. • http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html https://cwe.mitre.org/data/definitions/862.html https://wordpress.org/plugins/learnpress/#developers https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7916 – LearnPress <= 3.2.6.6 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-7916
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. La función be_teacher en el archivo class-lp-admin-ajax.php en el plugin LearnPress versión 3.2.6.5 y anteriores para WordPress, permite que cualquier usuario registrado se asigne el rol teacher por medio del URI wp-admin/admin-ajax.php?action=learnpress_be_teacher sin ningunas comprobaciones de permiso adicionales. • https://wordpress.org/plugins/learnpress/#developers • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16175 – LearnPress <= 3.0.12 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2018-16175
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en LearnPress, en versiones anteriores a la 3.1.0, permite que un atacante con derechos de administrador ejecute comandos SQL arbitrarios mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •