2 matches found
CVE-2024-4971
CVE-2024-4971 refers to LearnPress – WordPress LMS Plugin. Affected: LearnPress ≤ 4.2.6.6. Issue: Stored Cross-Site Scripting via id parameter (per Wordfence details) arising from input handling; the initial description cites Reflected XSS. Root cause per sources: insufficient input sanitization/...
CVE-2024-4971 LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...