CVE-2025-49992 — Cross-site Scripting in Learnpress Export Import

CWE-79 — Cross-site Scripting CWE-787 — Out-of-bounds Write CWE-416 — Use After Free5 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 91.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Thimpress Learnpress Export Import

Timeline

PublishedOct 22

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through <= 4.0.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages1 packages

▶CVEListV5thimpress/learnpress_export_import4.0.9

🔴Vulnerability Details

CVEList

WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability↗2025-10-22

▶

GHSA

GHSA-4p89-hw8h-5g25: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import learnpress-im↗2025-10-22

▶

📋Vendor Advisories

Microsoft

drm/stm: Avoid use-after-free issues with crtc and plane↗2024-10-08

▶

Microsoft

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.↗2023-12-12

▶