3 matches found
CVE-2021-24707
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Visit to Paypal Setting Under Learning Plugin Enter the XSS payload " in Email PD...