Lucene search
PRIOn knowledge basePRION:CVE-2021-39348HistoryOct 21, 2021 - 8:15 p.m.
Cross site scripting
2021-10-2120:15:00
PRIOn knowledge base
www.prio-n.com
9
0.001 Low
EPSS
Percentile
37.9%
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.
| CPE | Name | Operator | Version |
|---|---|---|---|
| learnpress | le | 4.1.3.1 |
Related
nvd
nvd
CVE-2021-39348
2021-10-21 20:15:07
CVE-2021-24702
2021-10-18 14:15:09
cvelist
cvelist
cve
cve
CVE-2021-39348
2021-10-21 20:15:07
CVE-2021-24702
2021-10-18 14:15:09
openvas
openvas
WordPress LearnPress Plugin < 4.1.3.1 XSS Vulnerability
2021-11-03 00:00:00
WordPress LearnPress Plugin < 4.1.3.2 XSS Vulnerability
2021-11-03 00:00:00
prion
prion
Cross site scripting
2021-10-18 14:15:00
checkpoint_advisories
checkpoint_advisories
WordPress LearnPress Plugin Cross-Site Scripting (CVE-2021-39348)
2021-12-28 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting
2021-09-20 00:00:00
LearnPress < 4.1.3.2 - Admin+ Stored Cross-Site Scripting
2021-10-18 00:00:00
cnvd
cnvd
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-83666)
2021-10-25 00:00:00
wpexploit
wpexploit
LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting
2021-09-20 00:00:00