cleantalk
Vulnerabilities and Security Researches

WP Learn Manager, CVE-2021-47975

CVE, Research URL

CVE-2021-47975

Home page URL

Security reports for WP Learn Manager

Application

WP Learn Manager

Published on
May 16, 2026
Research Description
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface.
Affected versions
max 1.1.2.
Status
vulnerable
Previous vulnerability researches
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2019-25213) , Oct 17, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2021-24830) , Jun 07, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2020-35935) , Jun 07, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2020-35934) , Jun 07, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2014-6059) , Jun 07, 2024
New vulnerability
WP Learn Manager (CVE-2021-47975) , May 19, 2026
Autoptimize (CVE-2026-3220) , May 19, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2026-1631) , May 19, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-6381) , May 19, 2026
BuddyPress (CVE-2020-37233) , May 19, 2026