CVE-2021-24713

CVE-2021-24713: Video Lessons Manager - Admin+ Stored Cross-Site Scripting

Vendor Todo

Product Video Lessons Manager – Best Video Course LMS

Weakness CWE-79 · XSS

Published November 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks

Key dates

02Disclosure timeline

November 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24713 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-30970 WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-46515 WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-14298 FiboSearch – Ajax Search for WooCommerce <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode CVE-2024-13757 Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode CVE-2022-2935 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL

Identifiers

CVE CVE-2021-24713

CWE CWE-79

Affected versions

Vendor Todo

Product Video Lessons Manager – Best Video Course LMS

Affected ≥ 1.7.2 and < 1.7.2

Vendor Todo

Product Video Lessons Manager Pro – Best Video Course LMS

Affected ≥ 3.5.9 and < 3.5.9