CVE-2021-39348

LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.

We have discovered 9 live websites that are affected by CVE-2021-39348.

Affected Software


Product	LearnPress
Category	Wordpress Plugins
Vulnerable Versions	from 4.1.3.1 through 4.1.3.1
Total Vulnerable Versions	156
Vulnerable Domains	9 live websites (0.10% of LearnPress install base)

Common Weakness Enumeration

CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Available Reports

Website List

Details

Published - Oct 18, 2021
Updated - Oct 22, 2021

Credits

Thinkland Security Team

CWE

CWE-80

CVE References

CWE References

cwe.mitre.org

Countries

United States	1 websites

India	2 websites
Cyprus	1 websites
Germany	1 websites
Italy	1 websites
Portugal	1 websites
Romania	1 websites
Uruguay	1 websites

TLDs

.com	3 websites
.it	1 websites
.org	1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

Websites affected by CVE-2021-39348

Top websites that are affected by CVE-2021-39348. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
**********.it	Italy	,,*
****.com	Cyprus	,,**
**********.com	India	,,**
*********.org	United States	,,**
****.*.in	India	,,**
********.pt	Portugal	,,**
*****.**********.ro	Romania	,,**
**********.*.uy	Uruguay	,,**
************.com	Germany	,,**

See full domain list