VYPR

LearnPress – WordPress LMS Plugin

by WordPress

CVEs (11)

  • CVE-2024-8529CriSep 12, 2024
    risk 0.69cvss 10.0epss 0.12

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied…

  • CVE-2024-8522CriSep 12, 2024
    risk 0.66cvss 10.0epss 0.63

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied…

  • CVE-2024-6589HigJul 25, 2024
    risk 0.50cvss 8.8epss 0.01

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access…

  • CVE-2024-4397HigMay 14, 2024
    risk 0.50cvss 8.8epss 0.01

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with…

  • CVE-2024-2115HigApr 5, 2024
    risk 0.50cvss 8.8epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated…

  • CVE-2024-4277MedMay 14, 2024
    risk 0.42cvss 6.4epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-3560MedApr 19, 2024
    risk 0.42cvss 6.4epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-1289MedApr 9, 2024
    risk 0.42cvss 6.5epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for…

  • CVE-2025-11372MedOct 18, 2025
    risk 0.35cvss 6.5epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to…

  • CVE-2024-1463MedApr 9, 2024
    risk 0.29cvss 4.4epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-6088MedJul 2, 2024
    risk 0.27cvss 5.3epss 0.01

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to…