The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-13T17:56:34

Updated: 2024-08-03T19:35:20.357Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24621

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-13T18:15:17.857

Modified: 2024-11-21T05:53:25.750

Link: CVE-2021-24621

cve-icon Redhat

No data.