📦 Learnpress

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the LearnPress plugin. Attackers can extract sensitive database information by manipulatin...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the LearnPress plugin. Attackers can extract sensitive database information lik...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the LearnPress plugin. Attackers can extract sensitive database information by ...

CVE-2023-36515 is a missing authorization vulnerability in the LearnPress WordPress plugin that allows unauthenticated attackers to perform actions that should require authentication. This affects all...

The LearnPress WordPress LMS plugin has a vulnerability that allows authenticated attackers with Instructor-level permissions or higher to upload arbitrary files due to missing file type validation. T...

The LearnPress WordPress plugin contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP functions with one parameter. This can lead to remote code exe...

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the ThimPress LearnPress Export Import WordPress plugin allows attackers to inject malicious scripts via crafted requests. This af...

This vulnerability in the LearnPress WordPress plugin allows remote attackers to escalate any user's privileges to 'LP Instructor' role via the 'accept-to-be-teacher' action parameter. This affects Wo...

This vulnerability in the LearnPress WordPress plugin allows administrators to inject malicious scripts into plugin settings, which then execute when other users view those settings. It affects WordPr...

This stored XSS vulnerability in LearnPress WordPress plugin allows authenticated attackers with LP Instructor access or higher to inject malicious scripts into lesson names. When users view affected ...

This vulnerability allows high-privilege WordPress users (like administrators) to inject malicious scripts into LearnPress plugin settings, which then execute when other users view those settings. It ...

This vulnerability allows unauthenticated attackers to bypass user registration controls in the LearnPress WordPress LMS plugin. Attackers can register accounts with the default role even when registr...

This vulnerability allows unauthenticated attackers to bypass user registration controls in LearnPress WordPress LMS Plugin, enabling them to create accounts with default roles even when registration ...