LearnPress
ThimPress
Developer
4.3.7
Latest version
70,000
Installations
No date
Last updated
Vulnerability history
0 present
61 patched
25 Mitigation rules
- Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment vulnerability<= 4.3.513/05/2026
- Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability<= 4.3.2.814/04/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability<= 4.3.307/04/2026
- Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion vulnerability<= 4.3.2.824/03/2026
- Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability<= 4.3.2.812/03/2026
- Admin+ Stored XSS vulnerability< 4.2.7.229/01/2026
- WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability<= 4.3.2.419/01/2026
- WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability<= 4.3.2.106/01/2026
- Missing Authentication to Unauthenticated Course Modification vulnerability<= 4.3.205/01/2026
- Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social vulnerability<= 4.3.116/12/2025
- Missing Authorization to Unauthenticated Orders Statistics Exposure vulnerability<= 4.3.116/12/2025
- Broken Access Control vulnerability<= 4.2.9.430/11/2025
- Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability<= 4.2.9.421/11/2025
- Cross Site Scripting (XSS) vulnerability<= 4.2.9.406/11/2025
- Missing Authorization to Unauthenticated Database Table Manipulation vulnerability<= 4.2.9.318/10/2025
- Admin+ Stored XSS vulnerability< 4.2.7.5.119/05/2025
- Broken Access Control vulnerability<= 4.2.7.527/03/2025
- Authenticated (Admin+) Stored Cross-Site Scripting vulnerability<= 4.2.7.525/02/2025
- Authenticated (Instructor+) Stored Cross-Site Scripting via Lesson Name vulnerability<= 4.2.7.527/01/2025
- Open Redirection vulnerability<= 4.2.7.124/01/2025
- Admin+ Stored XSS vulnerability< 4.2.7.212/12/2024
- Course Material Sensitive Information Exposure via REST API vulnerability<= 4.2.7.310/12/2024
- Unauthenticated SQL Injection via 'c_only_fields' vulnerability<= 4.2.712/09/2024
- Unauthenticated SQL Injection via 'c_fields' vulnerability<= 4.2.712/09/2024
- Authenticated (Contributor+) SQL Injection via order Parameter vulnerability<= 4.2.6.9.308/08/2024
- Insecure Direct Object References (IDOR) vulnerability<= 4.2.6.8.201/08/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 4.2.6.8.201/08/2024
- Authenticated (Contributor+) Local File Inclusion vulnerability<= 4.2.6.8.225/07/2024
- Missing Authorization to Unauthenticated User Registration Bypass vulnerability<= 4.2.6.8.102/07/2024
- Unauthenticated Bypass to User Registration vulnerability<= 4.2.6.8.102/07/2024
- Basic Information Disclosure via JSON API vulnerability<= 4.2.6.805/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability<= 4.2.6.622/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter vulnerability<= 4.2.6.510/05/2024
- Unauthenticated Bypass to User Registration vulnerability<= 4.2.6.510/05/2024
- Unauthenticated Time-Based SQL Injection vulnerability<= 4.2.6.510/05/2024
- Authenticated (Instructor+) Arbitrary File Upload vulnerability<= 4.2.6.510/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 4.2.6.419/04/2024
- Cross-Site Request Forgery to Privilege Escalation vulnerability<= 4.0.005/04/2024
- Authenticated(LP Instructor+) Stored Cross-Site Scripting vulnerability<= 4.2.6.305/04/2024
- Insecure Direct Object Reference vulnerability<= 4.2.6.305/04/2024
- Command Injection vulnerability<= 4.2.5.704/01/2024
- Insecure Direct Object Reference to Information Disclosure vulnerability<= 4.2.5.703/01/2024
- Unauthenticated SQL Injection via order_by vulnerability<= 4.2.5.703/01/2024
- Reflected Cross-Site Scripting via add_internal_scripts_to_head vulnerability< 4.2.5.408/11/2023
- Authenticated Broken Access Control vulnerability<= 4.2.304/07/2023
- Unauthenticated Broken Access Control vulnerability<= 4.2.304/07/2023
- Auth. SQL Injection (SQLi) vulnerability<= 4.1.7.3.220/01/2023
- Local File Inclusion<= 4.1.7.3.220/01/2023
- Unauthenticated SQL Injection Vulnerability<= 4.1.7.3.220/01/2023
- Unauthenticated PHP Object Injection vulnerability<= 4.1.7.105/10/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 4.1.6.621/06/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 4.1.516/03/2022
- Arbitrary Image Renaming vulnerability<= 4.1.4.126/01/2022
- SQL Injection (SQLi) vulnerability<= 4.1.3.209/11/2021
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.1.3.118/10/2021
- Multiple Stored Cross-Site Scripting (XSS) vulnerabilities<= 4.1.320/09/2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.7.209/09/2020
- Authenticated Time Based Blind SQL Injection (SQLi) vulnerability<= 3.2.6.729/04/2020
- Privilege Escalation vulnerability<= 3.2.6.729/04/2020
- Authenticated Page Creation and Status Modification vulnerability<= 3.2.6.828/04/2020
- Privilege Escalation vulnerability<= 3.2.6.616/03/2020