Three vulnerabilities in LearnPress prior to version 3.1.0 have been discovered.
LearnPress is a popular plugin with more than 50.000 installations for the WordPress CMS that can be used to create and sell courses online. LearnPress is similar to Moodle, an open source learning platform.
CVE-2018-16173 is a Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 that allows a remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16174 is a Open redirect vulnerability in LearnPress prior to version 3.1.0 that allows a remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2018-16175 is a SQL injection vulnerability in LearnPress prior to version 3.1.0 that allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
It is recommended that you update to the latest version of LearnPimmediately, which is currently version 3.2.5