Description
WordPress Plugin LearnPress-WordPress LMS is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin LearnPress-WordPress LMS version 4.2.6.8.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.2.6.9 or latest
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35152)
WordPress Plugin Widgets on Pages Cross-Site Scripting (1.6.0)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1950)
WordPress 2.3.3 Directory Traversal Vulnerability (0.6.2 - 2.3.3)