🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

LearnPress – WordPress LMS Plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > LearnPress – WordPress LMS Plugin

Information

Software Type	Plugin
Software Slug	learnpress (view on wordpress.org)
Software Status	Active
Software Author	thimpress
Software Website	thimpress.com
Software Downloads	4,225,342
Software Active Installs	90,000
Software Record Last Updated	May 13, 2024

Showing 21-35 of 35 Vulnerabilities

LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researchers:

LearnPress <= 4.1.5 - Reflected Cross-Site Scripting

6.1

CVE-2022-0271

Mar 16, 2022

Researcher: Krzysztof Zając

LearnPress <= 4.1.4.1 - Arbitrary Image Renaming

4.3

CVE-2022-0377

Jan 26, 2022

Researcher: Ceylan Bozogullarindan

LearnPress <= 4.1.3 - Authenticated SQL Injection

9.8

CVE-2021-24951

Nov 9, 2021

Researcher: ZhongFu Su

LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile

5.5

CVE-2021-39348

Oct 18, 2021

Researcher: Thinkland Security Team

LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting

4.8

CVE-2021-24702

Sep 20, 2021

Researcher: Shivam Rai

LearnPress <= 3.2.6.7 - SQL Injection

8.8

CVE-2020-6010

Jul 19, 2021

Researcher: nhattruong

LearnPress – WordPress LMS Plugin <= 3.2.7.2 - SQL Injection

8.8

CVE ID Unknown

Oct 5, 2020

Researcher: Wilfried Becard

LearnPress <= 3.2.7.2 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Sep 8, 2020

Researcher: Antony Garand

LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter

8.1

CVE-2020-11511

Apr 20, 2020

Researcher: Ram

LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification

7.1

CVE-2020-11510

Apr 19, 2020

Researcher: Ram

LearnPress <= 3.2.6.6 - Privilege Escalation

7.1

CVE-2020-7916

Mar 16, 2020

Researchers:

LearnPress <= 3.0.12 - Authenticated SQL Injection

7.2

CVE-2018-16175

Nov 9, 2018

Researcher: Daiki Sueyoshi

LearnPress <= 3.0.12 - Open Redirect

6.1

CVE-2018-16174

Nov 9, 2018

Researcher: Daiki Sueyoshi

LearnPress <= 3.0.12 - Cross-Site Scripting

6.1

CVE-2018-16173

Nov 9, 2018

Researcher: Daiki Sueyoshi

Title	Status	CVE ID	CVSS	Researchers	Date
LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting	Patched		6.1		June 14, 2022
LearnPress <= 4.1.5 - Reflected Cross-Site Scripting	Patched	CVE-2022-0271	6.1	Krzysztof Zając	March 16, 2022
LearnPress <= 4.1.4.1 - Arbitrary Image Renaming	Patched	CVE-2022-0377	4.3	Ceylan Bozogullarindan	January 26, 2022
LearnPress <= 4.1.3 - Authenticated SQL Injection	Patched	CVE-2021-24951	9.8	ZhongFu Su	November 9, 2021
LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile	Patched	CVE-2021-39348	5.5	Thinkland Security Team	October 18, 2021
LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting	Patched	CVE-2021-24702	4.8	Shivam Rai	September 20, 2021
LearnPress <= 3.2.6.7 - SQL Injection	Patched	CVE-2020-6010	8.8	nhattruong	July 19, 2021
LearnPress – WordPress LMS Plugin <= 3.2.7.2 - SQL Injection	Patched		8.8	Wilfried Becard	October 5, 2020
LearnPress <= 3.2.7.2 - Reflected Cross-Site Scripting	Patched		6.1	Antony Garand	September 8, 2020
LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter	Patched	CVE-2020-11511	8.1	Ram	April 20, 2020
LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification	Patched	CVE-2020-11510	7.1	Ram	April 19, 2020
LearnPress <= 3.2.6.6 - Privilege Escalation	Patched	CVE-2020-7916	7.1		March 16, 2020
LearnPress <= 3.0.12 - Authenticated SQL Injection	Patched	CVE-2018-16175	7.2	Daiki Sueyoshi	November 9, 2018
LearnPress <= 3.0.12 - Open Redirect	Patched	CVE-2018-16174	6.1	Daiki Sueyoshi	November 9, 2018
LearnPress <= 3.0.12 - Cross-Site Scripting	Patched	CVE-2018-16173	6.1	Daiki Sueyoshi	November 9, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation