CVE-2021-36852 – WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36852
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.5 due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to trigger actions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/wp-hotel-booking/wordpress-wp-hotel-booking-plugin-1-10-5-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/wp-hotel-booking/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-0271 – LearnPress < 4.1.6 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0271
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice parameter before outputting it back via the lp_background_single_email AJAX action, leading to Reflected Cross-Site Scripting.
• https://wpscan.com/vulnerability/ad07d9cd-8a75-4f7c-bbbe-3b6b89b699f2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0377 – LearnPress < 4.1.5 - Arbitrary Image Renaming
https://notcve.org/view.php?id=CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after registration. After this process the user crops and saves the image. Then a "POST" request that contains the user-supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed to an MD5 value. This process can be conducted only when the type of the image is JPG or PNG.
• https://www.exploit-db.com/exploits/50706 https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26
• CWE-73: External Control of File Name or Path; CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-24951 – LearnPress < 4.1.4 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24951
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating a course/lesson/quiz/question, leading to SQL Injection issues.
• https://wpscan.com/vulnerability/0a16ddc5-5ab9-4a8f-86b5-41edcbeafc50
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-39348 – LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-39348
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is separate from CVE-2021-24702.
• https://github.com/BigTiger2020/word-press/blob/main/LearnPress.md https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2614592%40learnpress&new=2614592%40learnpress&sfp_email=&sfph_mail= https://wordfence.com/vulnerability-advisories/#CVE-2021-39348
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)