CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16173 – LearnPress <= 3.0.12 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16173
Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad Cross-Site Scripting (XSS) en versiones anteriores a la 3.1.0 de LearnPress permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16174 – LearnPress <= 3.0.12 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-16174
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redirección abierta en LearnPress, en versiones anteriores a la 3.1.0, permite que atacantes remotos redireccionen a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN85760090/index.html https://wordpress.org/plugins/learnpress • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •