cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2022-0271

CVE, Research URL

CVE-2022-0271

Home page URL

Security reports for LearnPress – WordPress LMS Plugin

Application

LearnPress – WordPress LMS Plugin

Published on
Apr 11, 2022
Research Description
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
Affected versions
Min -, max 4.1.6.7.
Status
vulnerable
Previous vulnerability researches
LearnPress Export Import – WordPress extension for LearnPress (CVE-2024-32588) , Jun 07, 2024
LearnPress Export Import – WordPress extension for LearnPress (CVE-2024-31241) , Jun 07, 2024
LearnPress Export Import – WordPress extension for LearnPress (CVE-2023-30487) , Jun 07, 2024
LearnPress Export Import – WordPress extension for LearnPress (CVE-2024-9609) , Nov 15, 2024
LearnPress – WordPress LMS Plugin (CVE-2024-11868) , Dec 11, 2024
New vulnerability
WS Form LITE – Drag & Drop Contact Form Builder for WordPress (CVE-2025-3912) , Apr 28, 2025
Upsell Order Bump Offer for WooCommerce – Increase Sales and AOV, Upsell & Cross-sell Offers on Checkout Page (CVE-2025-3743) , Apr 28, 2025
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes (CVE-2025-3280) , Apr 28, 2025
FuseDesk (CVE-2025-3832) , Apr 27, 2025
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025