CVE-2026-31914 WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: from n/a through = 3.2.26...

CVE-2026-31914 WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: from n/a through = 3.2.26...

PT-2026-27994

Name of the Vulnerable Software and Affected Versions hookandhook WP Courses LMS wp-courses versions through 3.2.26 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a DOM-Based Cross-Site Scripting XSS condition. This allows f...

WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Duc Canh canhnguyen26 in WordPress Plugin WP Courses LMS versions = 3.2.26...

WordPress WP Courses LMS plugin <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary User Meta Update vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP Courses LMS versions = 3.2.21...

CVE-2021-24621

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues...

CVE-2024-12172 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update

The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpcupdateusermetaoption function in all versions up to, and including, 3.2.21. This makes it...

CVE-2024-12172 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update

The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpcupdateusermetaoption function in all versions up to, and including, 3.2.21. This makes it...

PT-2024-17469 · WordPress · Wp Courses Lms

Name of the Vulnerable Software and Affected Versions: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress versions up to, and including, 3.2.21 Description: The issue is related to unauthorized access due to a missing capability...

WordPress plugin WP Courses LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WP Courses LMS < 3.2.4 - Subscriber+ Arbitrary Options Update

Description The plugin is vulnerable to unauthorized modification of data due to missing capability check on the wpcsavefeoption function hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

WordPress WP Courses LMS Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software WP Courses LMS Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 788c62b14a2a Credits Unknown Required privilege Subscriber...

WordPress WP Courses LMS Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software WP Courses LMS Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 45ff52ba1951 Credits Unknown Required privilege Subscriber...

WordPress WP Courses LMS Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Courses LMS Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 884d6eecec59 Credits Unknown Required privilege...

CVE-2021-24621

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues...

Cross site scripting

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues...

CVE-2021-24621

The CVE-2021-24621 entry concerns the WP Courses LMS WordPress plugin (versions before 2.0.44). The vulnerability is due to inadequate sanitisation of the Video Embed Code, allowing an authenticated high-privilege user to inject malicious code, leading to Stored Cross-Site Scripting. Affected com...

CVE-2021-24621 WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin WP Courses LMS, which stems from the WP Courses LMS...

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues PoC 1. On the dashboard, navigate to WP Courses Courses Add New...