VYPR

CLUEVO LMS, E-Learning Platform

by WordPress

CVEs (3)

  • CVE-2024-11328MedJan 9, 2025
    risk 0.33cvss 6.1epss 0.00

    The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for…

  • CVE-2021-25029MedFeb 7, 2022
    risk 0.31cvss 4.8epss 0.01

    The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

  • CVE-2024-11444MedDec 6, 2024
    risk 0.21cvss 4.3epss 0.00

    The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for…