Lucene search

K
wpvulndbTri Wanda SeptianWPVDB-ID:BFBB32AC-9EF9-46DE-8E5E-7D6D6FB868D8
HistoryAug 16, 2021 - 12:00 a.m.

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

2021-08-1600:00:00
Tri Wanda Septian
wpscan.com
5

0.001 Low

EPSS

Percentile

24.8%

The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues

PoC

1. On the dashboard, navigate to WP Courses > Courses > Add New > Video Embed Code (iframe) (in the Post settings), inject with XSS payload, such as ; 2. Click Update, and to trigger XSS payload, open URL path of course

CPENameOperatorVersion
wp-courseslt2.0.44

0.001 Low

EPSS

Percentile

24.8%

Related for WPVDB-ID:BFBB32AC-9EF9-46DE-8E5E-7D6D6FB868D8