CVE-2021-24621 WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

2021-09-1317:56:34

CWE-79

WPScan

www.cve.org

wp courses lms plugin

authenticated

stored xss

video embed code

security issue

cve-2021-24621

EPSS

0.001

Percentile

24.8%

JSON

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues

CNA Affected

[
  {
    "product": "WP Courses LMS",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.0.44",
        "status": "affected",
        "version": "2.0.44",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/bfbb32ac-9ef9-46de-8e5e-7d6d6fb868d8

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-24621