← back
CVE-2021-47975

WordPress Plugin WP Learn Manager 1.1.2 Stored XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Wplearnmanager · WP Learn Manager
public PoCs found1
cve_referencewww.exploit-db.com/exploits/50086unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wordpress.org/plugins/learn-manager/https://wplearnmanager.com/https://www.exploit-db.com/exploits/50086https://www.vulncheck.com/advisories/wordpress-plugin-wp-learn-manager-stored-xss