VYPR

Cluevo Lms

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-11328MedJan 9, 2025
    risk 0.33cvss 6.1epss 0.00

    The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for…

  • CVE-2023-40607MedOct 6, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.

  • CVE-2024-11444MedDec 6, 2024
    risk 0.21cvss 4.3epss 0.00

    The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for…