CVE-2021-24504: WordPress
The WP LMS – Best WordPress LMS Plugin plugin for WordPress, through version 1.1.2, contains a security vulnerability identified as CVE-2021-24504. The vulnerability was discovered by Mohammed Adam and publicly disclosed on May 24, 2021. It affects the plugin's User Field Titles functionality, where missing input validation and sanitization create the security risk described below (WPScan Advisory).
The vulnerability is classified as an Unauthenticated Stored Cross-Site Scripting (XSS) with additional Cross-Site Request Forgery (CSRF) implications. The CVSS v3.1 base score is 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue stems from inadequate sanitization and validation of User Field Titles, combined with missing CSRF and capability checks. This vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-352 (Cross-Site Request Forgery) (NVD).
The vulnerability allows attackers to inject and execute malicious scripts through the User Field Titles functionality. This can be exploited either through CSRF attacks or by any user, including unauthenticated visitors. The successful exploitation could lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially compromising sensitive information or performing unauthorized actions (WPScan Advisory).
The XSS vulnerability was fixed in version 1.1.3 of the WP LMS plugin through proper escaping and sanitization of the input. However, the missing CSRF and capability checks were confirmed to still be present in version 1.1.4. Users are advised to upgrade to at least version 1.1.3 to mitigate the XSS risk (WPScan Advisory).
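The bug class described above (a settings field stored without sanitization, echoed without escaping, and reachable without a nonce or capability check), shown as an added illustration in WordPress plugin style. This is not the WP LMS plugin's own code: the function names and the option key `wplms_example_field_titles` are hypothetical, chosen only to contrast the weak handler with a hardened one.

```php
<?php
// Added illustration of the CVE-2021-24504 bug class. Hypothetical handler names and
// option key ('wplms_example_field_titles'); NOT the WP LMS plugin's own code.

// Weak pattern, matching the advisory's description: no nonce check, no capability
// check, raw request input stored, and the stored value echoed back unescaped.
function wplms_example_save_field_titles_weak() {
    $titles = isset( $_POST['field_titles'] ) ? (array) $_POST['field_titles'] : array();
    update_option( 'wplms_example_field_titles', $titles );
}
function wplms_example_render_field_titles_weak() {
    foreach ( (array) get_option( 'wplms_example_field_titles', array() ) as $title ) {
        echo '<label>' . $title . '</label>';
    }
}

// Hardened pattern: CSRF token, capability check, sanitize on save, escape on output.
function wplms_example_save_field_titles() {
    // Reject requests that do not carry a valid nonce (CSRF, CWE-352).
    check_admin_referer( 'wplms_example_save_field_titles' );
    // Reject callers without the required capability (closes the unauthenticated path).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'wplms-example' ), '', array( 'response' => 403 ) );
    }
    $raw = isset( $_POST['field_titles'] ) ? (array) wp_unslash( $_POST['field_titles'] ) : array();
    // Strip tags, control characters and stray whitespace before the titles are stored.
    $titles = array_map( 'sanitize_text_field', $raw );
    update_option( 'wplms_example_field_titles', $titles );
}
function wplms_example_render_field_titles() {
    foreach ( (array) get_option( 'wplms_example_field_titles', array() ) as $title ) {
        // Escape on output as well: stored data is never trusted on its own (XSS, CWE-79).
        echo '<label>' . esc_html( $title ) . '</label>';
    }
}
// Emits the nonce field the settings form must include when posting to the save handler.
function wplms_example_field_titles_form_nonce() {
    wp_nonce_field( 'wplms_example_save_field_titles' );
}
```

Note that the hardened save handler applies both checks independently: a valid nonce alone does not prove the caller may change settings, and a capability check alone does not stop a forged cross-site request from a logged-in administrator's browser.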