lighttpd Trailer Field Merging Vulnerability Leading to HTTP Header Smuggling
Why this matters
In lighttpd 1.4.80, disallowed HTTP trailer fields such as Connection or Forwarded are improperly merged into the header section. An unauthenticated remote attacker can exploit this flaw to perform HTTP header/request smuggling, potentially bypassing access-control rules or injecting malicious data into backend services.
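The check that is missing in the behaviour described above is a policy step between "decode the chunked body" and "merge trailers into the header section". The following is an added example, not lighttpd's code, of what that step looks like: a small chunked-body decoder that collects the trailer section, and a merge routine that refuses trailer fields carrying framing, routing, connection-control, authentication or forwarding metadata. The field names in `DISALLOWED_TRAILERS` are an assumed illustrative list drawn from RFC 9110 section 6.5.1 guidance, not lighttpd's own list; the sample messages are constructed for the example.

```python
"""Trailer-field policy check for HTTP/1.1 chunked messages.

Added example (not lighttpd code). It demonstrates the check a server or
reverse proxy should apply before merging trailer fields into the header
section: trailers that can change framing, routing, connection state,
authentication or forwarded-client metadata must never be promoted.
"""
from typing import Dict, List, Tuple

# Assumed illustrative deny-list (RFC 9110 s6.5.1 guidance); not lighttpd's list.
DISALLOWED_TRAILERS = frozenset({
    "transfer-encoding", "content-length", "host",            # framing / routing
    "connection", "keep-alive", "upgrade", "te", "trailer",    # connection control
    "authorization", "proxy-authorization", "cookie",          # authentication
    "forwarded", "x-forwarded-for", "x-real-ip",               # forwarded-client data
    "content-type", "content-encoding", "content-range",       # payload processing
})


class TrailerPolicyError(ValueError):
    """Raised when a message carries a trailer field that must not be merged."""


def parse_chunked(body: bytes) -> Tuple[bytes, List[Tuple[str, str]]]:
    """Decode a chunked body and return (payload, trailer fields).

    Raises ValueError on malformed framing so callers fail closed rather
    than guessing where the message ends.
    """
    payload = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        # Ignore chunk extensions after ';' and parse the hex size.
        size = int(body[pos:eol].split(b";", 1)[0].strip(), 16)
        pos = eol + 2
        if size == 0:
            break  # last-chunk: the trailer section follows
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data does not match declared size")
        payload += chunk
        pos += size + 2
    # Trailer section: header-style lines terminated by an empty line.
    trailers: List[Tuple[str, str]] = []
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated trailer section")
        line = body[pos:eol]
        pos = eol + 2
        if not line:
            break
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ValueError("malformed trailer line")
        trailers.append((name.decode("latin-1").strip(),
                         value.decode("latin-1").strip()))
    if pos != len(body):
        raise ValueError("unexpected bytes after the trailer section")
    return bytes(payload), trailers


def disallowed_trailer_names(trailers: List[Tuple[str, str]]) -> List[str]:
    """Return the trailer names that violate the policy (useful for logging)."""
    return [name for name, _ in trailers if name.lower() in DISALLOWED_TRAILERS]


def merge_trailers(headers: Dict[str, str],
                   trailers: List[Tuple[str, str]]) -> Dict[str, str]:
    """Merge trailers into a copy of the header map, rejecting disallowed ones.

    Rejecting (rather than silently dropping) keeps the event visible: the
    caller can answer 400 and log the offending names.
    """
    bad = disallowed_trailer_names(trailers)
    if bad:
        raise TrailerPolicyError("disallowed trailer field(s): " + ", ".join(bad))
    merged = dict(headers)
    for name, value in trailers:
        merged[name.lower()] = value
    return merged


if __name__ == "__main__":
    # Constructed sample messages for demonstration.
    benign = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\nX-Checksum: abc\r\n\r\n"
    payload, trailers = parse_chunked(benign)
    print(payload, merge_trailers({"host": "example.test"}, trailers))
    smuggled = b"0\r\nForwarded: for=192.0.2.1\r\n\r\n"
    _, trailers = parse_chunked(smuggled)
    print("rejected:", disallowed_trailer_names(trailers))
```

Design note: the page describes the flaw in terms of a disallow list, so the example mirrors that; RFC 9110 actually goes further and says a recipient should merge a trailer field only when that field's definition explicitly permits it, so an allow-list is the stricter production choice. Either way, the decision must be taken before the fields reach the header map that access-control rules and backend handlers read.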
Recommended actions
Affected products & versions
References