cpp-httplib Untrusted HTTP Header Handling Vulnerability Allowing Header Injection and Authorization Bypass
Why this matters

cpp-httplib versions ≤ 0.26.0 allow attackers to spoof critical metadata headers like REMOTE_ADDR and LOCAL_PORT. Downstream components that rely on these headers for logging, auditing, or IP-based access controls may trust attacker-supplied values, enabling IP spoofing, log poisoning, and unauthorized access to protected resources.
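The trust problem the advisory describes, as an added example rather than cpp-httplib's own code: a constructed model of a server that records socket-derived connection metadata under REMOTE_ADDR and LOCAL_PORT in the same map that already holds the client's headers, the downstream lookup that therefore returns the client's value, and the hardened pattern of reading the address from socket-derived fields (in cpp-httplib, the `Request::remote_addr` and `local_port` members) and dropping reserved names at the boundary. The `Request` struct, the assembly order, and the sample values are assumptions made for the model.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>
using Headers = std::multimap<std::string, std::string>;
// Constructed model of a request as a handler sees it (not cpp-httplib's struct).
struct Request {
    Headers headers;                 // everything the client sent, plus copies
    std::string socket_remote_addr;  // from the connection, not the wire
    int socket_local_port = 0;       // from the connection, not the wire
};

// Header names that describe the connection rather than the request; once they
// share a map with client headers, a client entry of the same name shadows them.
static const std::vector<std::string> kConnectionHeaders = {
    "REMOTE_ADDR", "REMOTE_PORT", "LOCAL_ADDR", "LOCAL_PORT"};

// Simulated assembly in the vulnerable order: client headers are parsed first,
// then the socket metadata is appended under the same names in the same map.
Request assemble_request(const Headers& wire, const std::string& peer, int port) {
    Request req;
    req.headers = wire;
    req.socket_remote_addr = peer;
    req.socket_local_port = port;
    req.headers.emplace("REMOTE_ADDR", peer);
    req.headers.emplace("LOCAL_PORT", std::to_string(port));
    return req;
}

// Vulnerable lookup: the first entry for the name wins, and a multimap keeps
// equal keys in insertion order, so the client's entry is the one returned.
std::string client_ip_from_headers(const Request& req) {
    auto it = req.headers.lower_bound("REMOTE_ADDR");
    return (it == req.headers.end() || it->first != "REMOTE_ADDR") ? "" : it->second;
}
// Hardened lookup: connection metadata comes from the socket-derived field only
// (for cpp-httplib that means Request::remote_addr, never the header map).
std::string client_ip_from_socket(const Request& req) { return req.socket_remote_addr; }
// Boundary filter: drop client-supplied headers that use reserved connection
// names before assembly; the returned count lets the caller log the attempt.
std::size_t strip_connection_headers(Headers& wire) {
    std::size_t dropped = 0;
    for (const auto& name : kConnectionHeaders) dropped += wire.erase(name);
    return dropped;
}
// Constructed sample: a client that sends a forged REMOTE_ADDR header.
Headers sample_wire_headers() {
    return {{"Host", "example.test"}, {"REMOTE_ADDR", "10.0.0.1"}};
}
```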
Recommended actions
Affected products & versions