VYPR
Unrated severity · NVD Advisory · Published Aug 2, 2021 · Updated Aug 3, 2024

WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS)

CVE-2021-24504

Description

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing an XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such an attack to be performed either via CSRF or as any user (including unauthenticated).

Affected products

  • WordPress/WP LMS – Best WordPress LMS Plugin (description)
  • WordPress/WPLMS (llm-create)
    Range: <=1.1.2
