Lucene search
Andrew WilderWPEX-ID:2E14F830-11E0-458E-88DB-92FDB4EEBF86HistoryJan 15, 2020 - 12:00 a.m.
LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.
2020-01-1500:00:00
Andrew Wilder
10
EPSS
0.005
Percentile
75.9%
Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field. First reported to Learndash on January 14, 2020, and update 3.1.2 to fix it was released same day. This report is based on an email LearnDash sent out to their users on January 14, 2020.
From the Original Researcher (Jinson Varghese Behanan, @JinsonCyberSec):
[wordpress website][learndash my-account page]?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3ERelated
zdt
zdt
WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Vulnerability
2020-02-10 00:00:00
cvelist
cvelist
CVE-2020-7108
2020-01-16 04:07:16
wpvulndb
wpvulndb
cve
cve
CVE-2020-7108
2020-01-16 05:15:12
nvd
nvd
CVE-2020-7108
2020-01-16 05:15:12
patchstack
patchstack
exploitpack
exploitpack
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
2020-02-10 00:00:00
packetstorm
packetstorm
LearnDash WordPress LMS 3.1.2 Cross Site Scripting
2020-02-10 00:00:00
prion
prion
Design/Logic Flaw
2020-01-16 05:15:00
exploitdb
exploitdb
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
2020-02-10 00:00:00