Mtrv

mtrv

7 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-32149 1Mtrv 1Teachpress Apr 23, 2026 Apr 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11.
CVE-2025-1320 1Mtrv 1Teachpress Apr 8, 2026 Mar 25, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it poss...Show more The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-1321 1Mtrv 1Teachpress Mar 5, 2025 Mar 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied param...Show more The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2023-52129 1Mtrv 1Teachpress Apr 28, 2026 Jan 5, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.
CVE-2023-49163 1Mtrv 1Teachpress Apr 28, 2026 Dec 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.5.
CVE-2023-36501 1Mtrv 1Teachpress Nov 21, 2024 Jul 25, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions.
CVE-2023-22704 1Mtrv 1Teachpress Nov 21, 2024 Mar 23, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions.