LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.

2020-01-15T00:00:00
ID WPVDB-ID:10026
Type wpvulndb
Reporter Andrew Wilder
Modified 2020-01-17T00:00:00

Description

WordPress Vulnerability - LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field. From the Original Researcher (Jinson Varghese Behanan, @JinsonCyberSec): [wordpress website][learndash my-account page]?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3E