CVE-2023-5558

LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting

The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

We have discovered 3,856 live websites that are affected by CVE-2023-5558.

Affected Software


Product	LearnPress
Category	Wordpress Plugins
Vulnerable Versions	from 0 before 4.2.5.5
Total Vulnerable Versions	156
Vulnerable Domains	3,856 live websites (44.39% of LearnPress install base)

Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Available Reports

Website List

Details

Published - Jan 16, 2024
Updated - Jan 16, 2024

Credits

Vitor Pacheco (finder)
WPScan (coordinator)

CWE

CWE-79

CVE References

CWE References

cwe.mitre.org

Countries

United States	808 websites

India	321 websites
France	210 websites
Italy	194 websites
Germany	180 websites
Spain	171 websites
Brazil	154 websites
GB	127 websites
Poland	109 websites
Russia	106 websites

TLDs

.com	1,585 websites
.org	256 websites
.it	138 websites
.com.br	126 websites
.net	81 websites
.ru	76 websites
.pl	75 websites
.fr	65 websites
.es	61 websites
.de	60 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

https://wpscan.com/vulnerability/4efd2a4d-89bd-472f-ba5a-f9944fd4dd16/

Websites affected by CVE-2023-5558

Top websites that are affected by CVE-2023-5558. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
***.org	United States	,*
**************************.org	United States	*,*
*.******************.fr	France	*,*
*.****.*.my	Malaysia	*,*
*******.com	Canada	*,*
*********.org	Belgium	*,*
*.**.associates	United States	*,*
****************.com	United Arab Emirates	*,*
*.**********.com	Denmark	*,*
*.********************.org	France	*,*

See full domain list