
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 42
Critical: 6
High: 6
Medium: 30
Showing 41-42 of 42 records
Threat Entry Updated 2024-11-21

CVE-2021-39348 - Learnpress Plugin

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping of the $custom_profile parameter in the ~/inc/admin/views/backend-user-profile.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is separate from CVE-2021-24702.

PLUGIN Learnpress

CVE-2021-39348

MEDIUM CVSS 5.5 2021-10-21
Threat Entry Updated 2024-11-21

CVE-2021-24702 - Learnpress Plugin

The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high-privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

PLUGIN Learnpress

CVE-2021-24702

MEDIUM CVSS 4.8 2021-10-18