Learnpress
Approved changes feed: RSS · Atom
cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Thimpress (3359de0e-d602-5f4a-8b30-12c81ab7a63c) |
|---|---|
| Product | Learnpress (587bc9c0-2e85-5dbb-ae8d-4956a2ea7e59) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/learnpress/learnpress |
purl2cpe | 2026-06-01 10:11:30.793543 |
pkg:github/wp-plugins/learnpress |
purl2cpe | 2026-06-01 10:11:30.793547 |
pkg:github/wpplugins/learnpress |
purl2cpe | 2026-06-01 10:11:30.793550 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-48865 |
vulnerable | 2026-06-03 15:26:23.977176 |
WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS.
This issue affects LearnPress: from n/a through 4.3.6.
Published: 2026-06-01T14:41:45.973Z
Updated: 2026-06-01T16:19:03.535Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67536 |
vulnerable | 2026-06-03 15:11:01.748072 |
WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through <= 4.2.9.4.
Published: 2025-12-09T14:14:04.062Z
Updated: 2026-04-28T19:17:53.966Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-66054 |
vulnerable | 2026-06-03 15:09:40.826996 |
WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability
HIGH (7.5)
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
Published: 2025-12-18T07:22:17.129Z
Updated: 2026-04-28T16:14:15.533Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24740 |
vulnerable | 2026-06-03 14:59:56.780942 |
WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability
MEDIUM (4.7)
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects LearnPress: from n/a through <= 4.2.7.1.
Published: 2025-01-27T14:22:18.371Z
Updated: 2026-04-28T16:11:33.726Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22739 |
vulnerable | 2026-06-03 14:59:41.309421 |
WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5.
Published: 2025-03-27T21:46:01.072Z
Updated: 2026-04-28T16:11:05.995Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39642 |
vulnerable | 2026-06-03 14:56:22.084258 |
WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability
MEDIUM (6.5)
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.
Published: 2024-08-13T10:47:20.445Z
Updated: 2026-04-28T16:10:07.667Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39641 |
vulnerable | 2026-06-03 14:56:22.083276 |
WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.
Published: 2024-08-26T20:56:35.651Z
Updated: 2026-04-28T16:10:07.724Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36516 |
vulnerable | 2026-06-03 14:52:26.523737 |
WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability
HIGH (7.6)
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.
Published: 2024-06-19T14:18:33.714Z
Updated: 2026-04-28T16:08:31.204Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36515 |
vulnerable | 2026-06-03 14:52:26.521478 |
WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability
HIGH (7.3)
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.
Published: 2024-06-19T14:20:08.589Z
Updated: 2026-04-28T16:08:31.027Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16175 |
vulnerable | 2026-06-03 14:38:20.016564 |
Details available
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Published: 2019-01-09T22:00:00.000Z
Updated: 2024-08-05T10:17:38.216Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16174 |
vulnerable | 2026-06-03 14:38:20.016187 |
Details available
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Published: 2019-01-09T22:00:00.000Z
Updated: 2024-08-05T10:17:38.356Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16173 |
vulnerable | 2026-06-03 14:38:20.014930 |
Details available
Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2019-01-09T22:00:00.000Z
Updated: 2024-08-05T10:17:38.322Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.