Every CVE whose affected-product data names Thimpress Learnpress, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (45)
CVE-2024-8522 — CVSS 10.0 (critical): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the…
CVE-2024-8529 — CVSS 10.0 (critical): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the…
CVE-2021-24951 — CVSS 9.8 (critical): The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when…
CVE-2024-4434 — CVSS 9.8 (critical): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in…
CVE-2023-6567 — CVSS 9.8 (critical): The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and…
CVE-2024-4397 — CVSS 8.8 (high): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in…
CVE-2024-2115 — CVSS 8.8 (high): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2020-6010 — CVSS 8.8 (high): LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
CVE-2024-7548 — CVSS 8.8 (high): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all…
CVE-2024-6589 — CVSS 8.8 (high): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including…
CVE-2020-11511 — CVSS 8.1 (high): The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the…
CVE-2022-3360 — CVSS 8.1 (high): The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which…
CVE-2023-6634 — CVSS 8.1 (high): The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content…
CVE-2023-36516 — CVSS 7.6 (high): Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.
CVE-2023-36515 — CVSS 7.3 (high): Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.
CVE-2018-16175 — CVSS 7.2 (high): SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL…
CVE-2024-1289 — CVSS 6.5 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and…
CVE-2020-7916 — CVSS 6.5 (medium): be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign…
CVE-2024-13599 — CVSS 6.4 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and…
CVE-2024-4971 — CVSS 6.4 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in…
CVE-2024-3560 — CVSS 6.4 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions…
CVE-2024-4277 — CVSS 6.4 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’…
CVE-2018-16173 — CVSS 6.1 (medium): Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2018-16174 — CVSS 6.1 (medium): Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and…
CVE-2022-0271 — CVSS 6.1 (medium): The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the…
CVE-2023-5558 — CVSS 6.1 (medium): The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a…
CVE-2021-39348 — CVSS 5.5 (medium): The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter…
CVE-2024-5483 — CVSS 5.3 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and…
CVE-2024-6088 — CVSS 5.3 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability…
CVE-2024-6099 — CVSS 5.3 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up…
CVE-2024-11868 — CVSS 5.3 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and…
CVE-2024-4444 — CVSS 5.3 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including…
CVE-2024-9881 — CVSS 4.8 (medium): The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-13128 — CVSS 4.8 (medium): The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-13127 — CVSS 4.8 (medium): The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-10010 — CVSS 4.8 (medium): The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2021-24702 — CVSS 4.8 (medium): The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could…
CVE-2024-1463 — CVSS 4.4 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz…
CVE-2022-0377 — CVSS 4.3 (medium): Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process…
CVE-2024-39641 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.
CVE-2023-6223 — CVSS 4.3 (medium): The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the…