LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed

PoC

When adding new courses, the following fields can have XSS payloads like "> injected into them: - Course Settings > General > External Link field - Course Settings > Extra Information > Requirements field - Course Settings > Extra Information > Target Audience field - Course Settings > Extra Information > Key Features field - Course Settings > Extra Information > FAQ Title field