CVE-2021-39348 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Learnpress

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.7%

top 29.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Learnpress Thimpress Learnpress

Timeline

PublishedOct 21

Latest updateMay 24

Description

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDthimpress/learnpress4.1.3.1

▶CVEListV5learnpress/learnpress4.1.3.1 — 4.1.3.1

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-8wvx-x66h-gvp7: The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in th↗2022-05-24

▶

CVEList

LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting↗2021-10-21

▶