← voltar
CVE-2021-24702

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

EPSS 0.7%CWE-79
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed
Produtos afetados
Unknown · LearnPress – WordPress LMS Plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/30635cc9-4415-48bb-9c67-ea670ea1b942