WordPress Plugin Vulnerabilities

LearnPress < 4.1.3.2 - Admin+ Stored Cross-Site Scripting

Description

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Affects Plugins

Plugin icon
learnpress
Fixed in 4.1.3.2

References

CVE
CVE-2021-39348
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39348

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Thinkland Security Team
Verified
No
WPVDB ID
3ed9a1f6-8798-4b80-b254-7b8e9ced3dc7

Timeline

Publicly Published
2021-10-18 (about 4 years ago)
Added
2021-10-18 (about 4 years ago)
Last Updated
2022-04-09 (about 3 years ago)

Other

Published
Title
Published
2024-03-01
Title
AI Engine < 2.2.1 - Unauthenticated Stored Cross-Site Scripting
Published
2024-04-04
Title
Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link
Published
2023-02-15
Title
JSON Content Importer < 1.3.16 - Admin+ Stored XSS
Published
2024-05-02
Title
Elementor Website Builder Pro < 3.21.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Published
2024-05-31
Title
Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS