Description
WordPress Plugin LearnPress-WordPress LMS is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin LearnPress-WordPress LMS version 4.2.6.8.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.2.6.9 or latest
References
Related Vulnerabilities
WordPress Plugin WP No External Links Cross-Site Scripting (3.5.18)
Oracle Database Server CVE-2011-0785 Vulnerability (CVE-2011-0785)
WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)
Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)
WordPress Plugin aoringo CAT setter Cross-Site Scripting (0.1.1)