6 matches found

RedhatCVE
added 2025/05/22 8:31 p.m. · 5 views

CVE-2021-24504

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any use...

CVSS 6.1 · AI score 6.1 · EPSS 0.00762
Exploits: 2 · References: 1

OSV
added 2021/08/02 11:15 a.m. · 9 views

CVE-2021-24504

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any use...

CVSS 6.1 · AI score 5.8 · EPSS 0.00762
Exploits: 2 · References: 1

Prion
added 2021/08/02 11:15 a.m. · 12 views

Cross-site request forgery (CSRF)

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any...

CVSS 4.3 · AI score 6 · EPSS 0.00762
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/02 10:32 a.m. · 15 views

CVE-2021-24504 WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS)

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any use...

AI score 6.2 · EPSS 0.00762
Exploits: 2 · References: 1

Positive Technologies
added 2021/08/02 12:0 a.m. · 3 views

PT-2021-16026 · WordPress · Wplms

Name of the Vulnerable Software and Affected Versions: The WP LMS – Best WordPress LMS Plugin versions 1.1.2 and earlier
Description: The issue arises from the plugin's failure to properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Additionally, the lack ...

CVSS 6.1 · AI score 6 · EPSS 0.00762
Exploits: 2 · References: 5

Packet Storm
added 2021/07/05 12:0 a.m. · 268 views

WordPress WP Learn Manager 1.1.2 Cross Site Scripting

Exploit Title: WordPress Plugin WP Learn Manager 1.1.2 - Stored Cross-Site Scripting XSS
Date: July 2, 2021
Exploit Author: Mohammed Adam
Vendor Homepage: https://wplearnmanager.com/
Software Link: https://wordpress.org/plugins/learn-manager/
Version: 1.1.2
References link:...

Exploits: 0