Unrated severityNVD Advisory· Published Aug 2, 2021· Updated Aug 3, 2024
WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS)
CVE-2021-24504
Description
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP LMS – Best WordPress LMS Plugindescription
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/e0182508-23f4-4bdb-a1ef-1d1be38f3ad1mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.