WordPress Plugin Vulnerabilities

LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

Description

The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users (such as students) to elevate their privilege via an XSS attack when an admin will view their profile.

Proof of Concept

Affects Plugins

Plugin icon
lifterlms
Fixed in 4.21.1

References

CVE
CVE-2021-24308
URL
https://github.com/gocodebox/lifterlms/releases/tag/4.21.1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.4 (high)

Miscellaneous

Original Researcher
captain_hook
Submitter
Amirmohammad vakili
Submitter website
https://vitasecurityteam.com
Verified
Yes
WPVDB ID
f29f68a5-6575-441d-98c9-867145f2b082

Timeline

Publicly Published
2021-05-10 (about 4 years ago)
Added
2021-05-10 (about 4 years ago)
Last Updated
2023-06-30 (about 2 years ago)

Other

Published
Title
Published
2023-02-15
Title
Zeno Font Resizer < 1.8.0 - Admin+ Stored XSS
Published
2025-03-27
Title
Better WishList API < 1.1.5 - Reflected Cross-Site Scripting
Published
2025-02-03
Title
Upcasted S3 Offload – AWS S3, Digital Ocean Spaces, Backblaze, Minio and more < 3.0.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2012-08-10
Title
Quick Post Widget 1.9.1 - Multiple Cross-Site Scripting (XSS)
Published
2024-12-11
Title
Primary Addon for Elementor < 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting