WordPress is a set of blogging platforms developed by the WordPress (Wordpress) Foundation using the PHP language. A security vulnerability exists in the WordPress plugin LearnPress, which stems from an under-escaped $custom_profile parameter in the ~/inc/admin/views/backend-user-profile.php file. An attacker with administrative user access can inject arbitrary web scripts.