Vulnerabilities > Thimpress > Learnpress > 4.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-45808 | Unspecified vulnerability in Thimpress Learnpress SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.8 |
| 2023-01-26 | CVE-2022-45820 | Unspecified vulnerability in Thimpress Learnpress SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 8.8 |
| 2022-10-31 | CVE-2022-3360 | Deserialization of Untrusted Data vulnerability in Thimpress Learnpress The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). | 8.1 |
| 2022-04-11 | CVE-2022-0271 | Unspecified vulnerability in Thimpress Learnpress The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting | 6.1 |