Lucene search
China National Vulnerability DatabaseCNVD-2022-08152HistoryJan 26, 2022 - 12:00 a.m.
WordPress Tutor LMS Plugin Cross-Site Scripting Vulnerability (CNVD-2022-08152)
2022-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
0.001 Low
EPSS
Percentile
30.2%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the Tutor LMS plugin for WordPress prior to 1.9.12, which stems from the fact that search parameters are not escaped before being output back to the properties of the admin page. An attacker could exploit the vulnerability to execute JavaScript code on the client side.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress tutor lms plugin | lt | 1.9.12 |
Related
nvd
nvd
CVE-2021-25017
2022-01-24 08:15:09
wpvulndb
wpvulndb
Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting
2021-12-27 00:00:00
cvelist
cvelist
CVE-2021-25017 Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting
2022-01-24 08:01:11
osv
osv
CVE-2021-25017
2022-01-24 08:15:09
wpexploit
wpexploit
Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting
2021-12-27 00:00:00
cve
cve
CVE-2021-25017
2022-01-24 08:15:09
patchstack
patchstack
prion
prion
Cross site scripting
2022-01-24 08:15:00