CVE-2021-24702

CVE-2021-24702: LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product LearnPress – WordPress LMS Plugin
Weakness CWE-79 · XSS
Published October 18, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed

Key dates

02Disclosure timeline

October 18, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10180 Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode CVE-2024-32566 WordPress WP Club Manager plugin <= 2.2.11 - Cross Site Scripting (XSS) vulnerability CVE-2024-38683 WordPress WooCommerce Report plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-47882 OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project CVE-2022-21146 ICSA-22-062-01 IPCOMM ipDIO