Skip to main content

Teachpress

5 CVEs product

Monthly

CVE-2025-1321 MEDIUM PATCH This Month

The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Teachpress PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-49163 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48755 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-36501 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teachpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22704 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teachpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Teachpress +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teachpress
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teachpress
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy