CVE-2021-24702

State: PUBLISHED · Published: 2021-10-18 · Updated: 2024-08-03 · Assigner: WPScan

Description

The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / LearnPress – WordPress LMS Plugin — v=4.1.3.1 <4.1.3.1 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/30635cc9-4415-48bb-9c67-ea670ea1b942 x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24702.json