Is "LearnPress – WordPress LMS Plugin" safe?

WordPress Plugin security and safety information.

Rating: Good (current version safe) Recommendations

LearnPress – WordPress LMS Plugin: Plugin Details


Type: Plugin
Author: ThimPress
URL: https://wordpress.org/plugins/learnpress/
Latest Version: 3.2.7.6

 

LearnPress – WordPress LMS Plugin: Security Information


Insecure versions: Up To 3.2.6.9
Known since: 2020-09-10 20:36:48
Description: Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting (XSS) within the admin panel, which could be exploited by using s Cross-Site Request Forgery (CSRF) attack.


Insecure versions: Up To 3.2.6.7
Known since: 2020-05-01 00:05:41
Description: This could allow a low privilege user, to perform a time based SQL Injection attack and retrieve data from the DB, such as hashed passwords.


Insecure versions: Up To 3.2.6.7
Known since: 2020-04-28 23:26:15
Description: Allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.


Insecure versions: Up To 3.2.6.7
Known since: 2020-04-28 23:24:28
Description: The LearnPress plugin allows authenticated remote attackers with minimal permissions to create pages with arbitrary titles, or modify the publication status of any existing page, via the learnpress_create_page or learnpress_update_order_status AJAX actions.


Insecure versions: Up To 3.2.6.7
Known since: 2020-04-28 23:24:28
Description: The LearnPress plugin allows authenticated remote attackers with minimal permissions to create pages with arbitrary titles, or modify the publication status of any existing page, via the learnpress_create_page or learnpress_update_order_status AJAX actions.


 

LearnPress – WordPress LMS Plugin: Safety Recommendations


We have rated LearnPress – WordPress LMS Plugin as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of LearnPress – WordPress LMS Plugin.

LearnPress – WordPress LMS Plugin: Staying Up-to-date


Make sure your installation of LearnPress – WordPress LMS Plugin is safe with the following free Jetpack services for WordPress sites:
  • Updates & Management
    Turn on auto-updates for LearnPress – WordPress LMS Plugin or manage in bulk.
  • Prevent Infiltrations
    Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

LearnPress – WordPress LMS Plugin: Keeping Safe


If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
  • Automated Backups
    Full backup of your entire site with unlimited storage space.
  • Restores & Migrations
    Restore or migrate your site from a backup with one click.
  • Security Scanning
    Regular, automated scans of your site for malware, threats, and hacks.
  • Expert Support
    Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information


This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.