WordPress LearnPress plugin <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

learnpress

Software

LearnPress

Vulnerable Versions

<= 4.1.3.1

Fixed in version

4.1.3.2

CVE

CVE-2021-39348

References

CVE-2021-39348
Vulnerability details
Plugin changelog

Credits

Thinkland Security Team

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-10-18

CVSS 3.0 score

5.5

Medium

Requires high privilege user authentication like admin.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress LearnPress plugin (versions <= 4.1.3.1).

Solution

Update the WordPress LearnPress plugin to the latest available version (at least 4.1.3.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Vulnerability Database

WordPress LearnPress plugin <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

learnpress

Software

LearnPress

Vulnerable Versions

<= 4.1.3.1

Fixed in version

4.1.3.2

CVE

CVE-2021-39348

References

CVE-2021-39348
Vulnerability details
Plugin changelog

Credits

Thinkland Security Team

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-10-18

CVSS 3.0 score

5.5

Requires high privilege user authentication like admin.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress LearnPress plugin (versions <= 4.1.3.1).

Solution

Update the WordPress LearnPress plugin to the latest available version (at least 4.1.3.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2021 Patchstack

© 2021 Patchstack

Vulnerability Database

WordPress LearnPress plugin <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

learnpress

Software

LearnPress

Vulnerable Versions

<= 4.1.3.1

Fixed in version

4.1.3.2

CVE

CVE-2021-39348

References

CVE-2021-39348 Vulnerability details Plugin changelog

Credits

Thinkland Security Team

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-10-18

CVSS 3.0 score

5.5

Requires high privilege user authentication like admin.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress LearnPress plugin (versions <= 4.1.3.1).

Solution

Update the WordPress LearnPress plugin to the latest available version (at least 4.1.3.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2021 Patchstack

© 2021 Patchstack

CVE-2021-39348
Vulnerability details
Plugin changelog