CVE-2022-0271

State: PUBLISHED · Published: 2022-04-11 · Updated: 2024-08-02 · Assigner: WPScan

Description

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / LearnPress – WordPress LMS Plugin — v=4.1.6 <4.1.6 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/ad07d9cd-8a75-4f7c-bbbe-3b6b89b699f2 x_refsource_MISC

Source

cvelistV5-main/cves/2022/0xxx/CVE-2022-0271.json