cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2021-24702

CVE, Research URL

CVE-2021-24702

Published on
Oct 18, 2021
Research Description
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed
Affected versions
Min -, max 4.1.5.
Status
vulnerable