CVE-2026-48865
published 2026-06-01CVE-2026-48865: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue…
PriorityP426high7.1CVSS 3.1
AVNACLPRNUIRSCCLILAL
EPSS
0.20%
9.7th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS.
This issue affects LearnPress: from n/a through 4.3.6.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thimpress | learnpress | n/a – 4.3.6 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS.
ghsa_unreviewed·2026-06-01
CVE-2026-48865 [HIGH] CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS.
This issue affects LearnPress: from n/a through 4.3.6.
VulDB
ThimPress LearnPress Plugin up to 4.3.6 on WordPress cross site scripting
vuldb·2026-06-01·CVSS 7.1
CVE-2026-48865 [HIGH] ThimPress LearnPress Plugin up to 4.3.6 on WordPress cross site scripting
A vulnerability, which was classified as problematic, has been found in ThimPress LearnPress Plugin up to 4.3.6 on WordPress. Impacted is an unknown function. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2026-48865. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-01
Published