Vulnerabilities > Thimpress > Learnpress > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-19 | CVE-2023-36515 | Unspecified vulnerability in Thimpress Learnpress Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. | 9.8 |
| 2024-01-11 | CVE-2023-6634 | Command Injection vulnerability in Thimpress Learnpress The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. | 9.8 |
| 2023-01-26 | CVE-2022-47615 | Unrestricted Upload of File with Dangerous Type vulnerability in Thimpress Learnpress Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.8 |
| 2023-01-26 | CVE-2022-45808 | Unspecified vulnerability in Thimpress Learnpress SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.8 |
| 2021-12-13 | CVE-2021-24951 | Unspecified vulnerability in Thimpress Learnpress The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues | 9.8 |