CVE-2021-24707

The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
References
Configurations

Configuration 1

cpe:2.3:a:nd-learning_project:nd-learning:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-02-01 01:15

Updated : 2022-02-04 05:37


NVD link : CVE-2021-24707

Mitre link : CVE-2021-24707

Products Affected
No products.
CWE