2 matches found
CVE-2021-24707
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24707
CVE-2021-24707 affects the Learning Courses WordPress plugin prior to 5.0. The issue is a stored XSS in the Email PDT identity token settings due to insufficient sanitisation/escaping, allowing high-privilege users to execute scripts when unfiltered_html is disallowed. Affected component: WordPre...