Lucene search
Andrew WilderWPVDB-ID:2E14F830-11E0-458E-88DB-92FDB4EEBF86HistoryJan 15, 2020 - 12:00 a.m.
LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.
2020-01-1500:00:00
Andrew Wilder
wpscan.com
4
EPSS
0.005
Percentile
75.9%
Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field. First reported to Learndash on January 14, 2020, and update 3.1.2 to fix it was released same day. This report is based on an email LearnDash sent out to their users on January 14, 2020.
PoC
From the Original Researcher (Jinson Varghese Behanan, @JinsonCyberSec): [wordpress website][learndash my-account page]?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Related
zdt
zdt
WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Vulnerability
2020-02-10 00:00:00
cvelist
cvelist
CVE-2020-7108
2020-01-16 04:07:16
cve
cve
CVE-2020-7108
2020-01-16 05:15:12
nvd
nvd
CVE-2020-7108
2020-01-16 05:15:12
patchstack
patchstack
exploitpack
exploitpack
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
2020-02-10 00:00:00
packetstorm
packetstorm
LearnDash WordPress LMS 3.1.2 Cross Site Scripting
2020-02-10 00:00:00
prion
prion
Design/Logic Flaw
2020-01-16 05:15:00
wpexploit
wpexploit
exploitdb
exploitdb
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
2020-02-10 00:00:00