Learning Courses < 5.0 – Admin+ Stored Cross-Site Scripting | CVE 2021-24707 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Visit to Paypal Setting Under Learning Plugin
Enter the XSS payload ("><img src=x onerror=alert(1)>) in Email PDT identity token Field and Click on Save Changes.
Visit the Import/Export Tab to trigger the XSS

Affects Plugins

Fixed in 5.0

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

dhananjaygarg192002

Submitter

dhananjaygarg

Submitter twitter

Verified

Yes

WPVDB ID

0be5e06e-4ff1-43d2-8ba7-2530519d517e

Timeline

Publicly Published

2021-12-29 (about 2 years ago)

Added

2021-12-29 (about 2 years ago)

Last Updated

2022-04-13 (about 2 years ago)

Other

Published

Title

Published

2021-07-23

Title

GTranslate < 2.8.65 - Reflected Cross-Site Scripting (XSS)

Published

2023-02-20

Title

Clio Grow < 1.0.1 - Admin+ Stored XSS

Published

2016-02-23

Title

WP Advanced Importer Plugin < 2.2 - Reflected Cross-Site Scripting (XSS)

Published

2020-10-29

Title

Greenmart < 2.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2021-07-26

Title

Simple Banner < 2.10.4 - Admin+ Stored XSS