LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.
Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field. First reported to Learndash on January 14, 2020, and update 3.1.2 to fix it was released same day. This report is based on an email LearnDash sent out to their users on January 14, 2020.
|Proof of Concept||The PoC will be displayed on January 30, 2020, to give users the time to update.|
fixed in version 3.1.2
|OWASP Top 10||A7: Cross-Site Scripting (XSS)|
|Original Researcher||Jinson Varghese Behanan (@JinsonCyberSec)|
|Publicly Published||2020-01-15 (8 days ago)|
|Added||2020-01-15 (7 days ago)|
|Last Updated||2020-01-17 (5 days ago)|
Our Other Services
|Online WordPress Vulnerability Scanner||WPScan WordPress Security Plugin|