Vulnerabilities > Thimpress > Learnpress > 4.1.7.1

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-45808 Unspecified vulnerability in Thimpress Learnpress
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress
critical
 9.8
9.8
2023-01-26 CVE-2022-45820 Unspecified vulnerability in Thimpress Learnpress
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress
8.8
8.8
2022-10-31 CVE-2022-3360 Deserialization of Untrusted Data vulnerability in Thimpress Learnpress
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE).
network
high complexity
thimpress CWE-502
8.1
8.1