cleantalk
Vulnerabilities and Security Researches

WP Learn Manager, CVE-2021-24504

CVE, Research URL

CVE-2021-24504

Home page URL

Security reports for WP Learn Manager

Application

WP Learn Manager

Published on
Aug 02, 2021
Research Description
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated)
Affected versions
max 1.1.5.
Status
vulnerable
Previous vulnerability researches
WP Learn Manager (CVE-2021-47975) , May 19, 2026
WP Learn Manager (CVE-2021-24504) , Jun 10, 2024
New vulnerability
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-45442) , May 19, 2026
WP Learn Manager (CVE-2021-47975) , May 19, 2026
Autoptimize (CVE-2026-3220) , May 19, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2026-1631) , May 19, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-6381) , May 19, 2026