CVE-2021-24707
CVE-2021-24707 affects the Learning Courses WordPress plugin prior to 5.0. The issue is a stored XSS in the Email PDT identity token settings due to insufficient sanitisation/escaping, allowing high-privilege users to execute scripts when unfiltered_html is disallowed. Affected component: WordPre...