CVE-2021-24504 — MEDIUM (6.1)

Q: How severe is CVE-2021-24504?

CVE-2021-24504 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24504?

Check the references section above for vendor advisories and patch information. Affected products include: Wplearnmanager Wp Learn Manager.

Vulnerability Description

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated)

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wplearnmanager	Wp Learn Manager	<= 1.1.2

Related Weaknesses (CWE)

CWE-79 CWE-352

References

https://wpscan.com/vulnerability/e0182508-23f4-4bdb-a1ef-1d1be38f3ad1ExploitThird Party Advisory
https://wpscan.com/vulnerability/e0182508-23f4-4bdb-a1ef-1d1be38f3ad1ExploitThird Party Advisory

FAQ

What is CVE-2021-24504?

CVE-2021-24504 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and ca...

How severe is CVE-2021-24504?

CVE-2021-24504 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24504?

Check the references section above for vendor advisories and patch information. Affected products include: Wplearnmanager Wp Learn Manager.