cleantalk
Vulnerabilities and Security Researches

LifterLMS – WordPress LMS Plugin for eLearning, CVE-2021-24308

CVE, Research URL

CVE-2021-24308

Home page URL

Security reports for LifterLMS – WordPress LMS Plugin for eLearning

Application

LifterLMS – WordPress LMS Plugin for eLearning

Published on
May 24, 2021
Research Description
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users (such as students) to elevate their privilege via an XSS attack when an admin will view their profile.
Affected versions
Min -, max 4.21.1.
Status
vulnerable
Previous vulnerability researches
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2024-31363) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2019-15896) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24562) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24308) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2020-6008) , Jun 07, 2024
New vulnerability
Simple Lightbox (CVE-2025-3516) , May 18, 2025
RS WP Book ShowCase – WordPress Book Gallery Plugin (Book Slider, Book Carousel, Book Grid, Book List)) (CVE-2025-48119) , May 18, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-48079) , May 18, 2025
Estatik Mortgage Calculator (CVE-2025-48136) , May 18, 2025
EventON (CVE-2025-48116) , May 18, 2025