CVE-2021-24707

The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Huachu Digital Easytest Online Test Platform 安全漏洞

Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version ver.24E01 and prior versions, which is caused by a SQL injection vulnerability in the download personal learning...

WordPress Learning Courses plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Learning Courses plugin in versions prior to 5.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An...

CVE-2021-24707

The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24707

CVE-2021-24707 affects the Learning Courses WordPress plugin prior to 5.0. The issue is a stored XSS in the Email PDT identity token settings due to insufficient sanitisation/escaping, allowing high-privilege users to execute scripts when unfiltered_html is disallowed. Affected component: WordPre...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Learning Courses plugin in versions prior to 5.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An...

WordPress Learning Courses plugin <= 4.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by dhananjaygarg192002 in WordPress Learning Courses plugin versions = 5.0. Solution Patched in version 5.0, but closed for other security reasons. This plugin has been closed as of October 8, 2021 and is not available for download. Reason:...

WordPress Learning Courses plugin <= 4.7 - Unauthenticated Options Change vulnerability

Unauthenticated Options Change vulnerability found by Jerome Bruandet Nintechnet in WordPress Learning Courses plugin versions = 4.7. Solution Update the WordPress Learning Courses plugin to the latest available version at least 4.8...

ND Learning <= 4.7 - Unauthenticated Options Change

The Learning Courses WordPress plugin was affected by an Unauthenticated Options Change security vulnerability...

SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)

Course module enables you to create e-learning courses with any number of requirements for completion. The module doesn't sufficiently filter node title displays when being used in a course. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to creat...