CVE-2024-3560 – The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored …

19 April 2024

Vuln ID: CVE-2024-3560

Published: 2024-04-19 02:15:10.913

Description: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Base Score: 6.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

19 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Understanding Scattered Spider, and how they perform cloud-centric identity attacks2 May 2024
Dropbox Sign customer data accessed in breach2 May 2024
Florida man gets 6 years behind bars for flogging fake Cisco kit to US military2 May 2024
Patch up – 4 critical bugs in ArubaOS lead to remote code execution2 May 2024
Menlo Security inks cybersecurity partnership with Google Cloud2 May 2024