S4E

CVE-2022-0271 Scanner

Detects a 'Cross-Site Scripting (XSS)' vulnerability in the LearnPress plugin for WordPress, affecting versions before 4.1.6.

Short Info


Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -

LearnPress is a WordPress plugin designed for those who want to create and publish their own online courses. With LearnPress, it is possible to create quizzes, discussions and assignments for students, as well as to manage and analyse the entire learning process. The plugin also provides a space for users to track their progress and manage their subscriptions.

Recently, a vulnerability has been detected in the LearnPress plugin, referred to as CVE-2022-0271. This is a Reflected Cross-Site Scripting (XSS) vulnerability caused by the failure to sanitise and escape the lp-dismiss-notice parameter. This means that a cybercriminal can exploit this vulnerability by inserting a script into a link or a URL that a victim clicks on. The script can then extract the information entered by the victim, such as login credentials, and send it to the attacker.

If a cybercriminal exploits this vulnerability, they will be able to control the website, steal sensitive data, and cause significant financial damage. Additionally, if the website is compromised, it can lead to reputation damage or loss of customer trust.

With the pro features of s4e.io, you can easily and quickly learn about vulnerabilities in your digital assets. With our platform, you can receive regular security assessments and audits to detect any vulnerabilities that may affect your website. Sign up for our services today and experience the peace of mind that comes with a secure digital presence.

 
