Lucene search
China National Vulnerability DatabaseCNVD-2021-83666HistoryOct 25, 2021 - 12:00 a.m.
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-83666)
2021-10-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
wordpress
learnpress
security vulnerability
php
administrative user access
web scripts
EPSS
0.001
Percentile
37.9%
WordPress is a set of blogging platforms developed by the WordPress (Wordpress) Foundation using the PHP language. A security vulnerability exists in the WordPress plugin LearnPress, which stems from an under-escaped $custom_profile parameter in the ~/inc/admin/views/backend-user-profile.php file. An attacker with administrative user access can inject arbitrary web scripts.
Related
checkpoint_advisories
checkpoint_advisories
WordPress LearnPress Plugin Cross-Site Scripting (CVE-2021-39348)
2021-12-28 00:00:00
openvas
openvas
WordPress LearnPress Plugin < 4.1.3.2 XSS Vulnerability
2021-11-03 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
LearnPress < 4.1.3.2 - Admin+ Stored Cross-Site Scripting
2021-10-18 00:00:00
cvelist
cvelist
cve
cve
CVE-2021-39348
2021-10-21 20:15:07
prion
prion
Cross site scripting
2021-10-21 20:15:00
nvd
nvd
CVE-2021-39348
2021-10-21 20:15:07