Product:

Learnpress

(Thimpress)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 29
Date Id Summary Products Score Patch Annotated
2020-03-16 CVE-2020-7916 be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. Learnpress 6.5
2020-04-30 CVE-2020-6010 LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection Learnpress 8.8
2021-10-18 CVE-2021-24702 The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed Learnpress 4.8
2021-10-21 CVE-2021-39348 The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is... Learnpress 4.8
2021-12-13 CVE-2021-24951 The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues Learnpress 9.8
2022-02-28 CVE-2022-0377 Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this... Learnpress 4.3
2022-04-11 CVE-2022-0271 The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting Learnpress 6.1
2022-10-31 CVE-2022-3360 The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function. Learnpress 8.1
2023-01-26 CVE-2022-45808 SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. Learnpress 9.8