WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the Tutor LMS plugin for WordPress prior to 1.9.12, which stems from the fact that search parameters are not escaped before being output back to the properties of the admin page. An attacker could exploit the vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress tutor lms plugin | lt | 1.9.12 |