Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Premium Courses & eLearning with Paid Memberships Pro for LearnDash, LifterLMS, Sensei LMS & TutorLMS 1.2.5

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 8, 2023

The Paid Memberships Pro – Courses for Membership Add On plugin for WordPress has a security vulnerability that affects multi-site installations and installations where unfiltered_html has been disabled. This vulnerability allows an authenticated attacker with administrator-level permissions or higher to inject malicious scripts into pages on the website. These scripts will be executed whenever someone accesses the injected page, which can have serious consequences. The vulnerability is present in versions up to and including 1.2.4 and is caused by insufficient input sanitization and output escaping. It can also be exploited via Cross-Site Request Forgery.

Detected in:

Premium Courses & eLearning with Paid Memberships Pro for LearnDash, LifterLMS, Sensei LMS & TutorLMS fixed vulnerable versions: >= * < 1.2.5

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.