Three vulnerabilities in LearnPress discovered

Three vulnerabilities in LearnPress prior to version 3.1.0 have been discovered.

LearnPress is a popular plugin with more than 50.000 installations for the WordPress CMS that can be used to create and sell courses online. LearnPress is similar to Moodle, an open source learning platform.

CVE-2018-16173

CVE-2018-16173 is a Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 that allows a remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 

CVE-2018-16174

CVE-2018-16174 is a Open redirect vulnerability in LearnPress prior to version 3.1.0 that allows a remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

 

CVE-2018-16175

CVE-2018-16175 is a SQL injection vulnerability in LearnPress prior to version 3.1.0 that allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

It is recommended that you update to the latest version of LearnPimmediately, which is currently version 3.2.5

 

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW

Related Posts

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
close-link