CVE-2021-39348: 
WordPress vulnerability analysis and mitigation

The LearnPress WordPress plugin (versions up to 4.1.3.1) contained a Stored Cross-Site Scripting vulnerability (CVE-2021-39348) discovered in October 2021. The vulnerability was found in the $custom_profile parameter within the ~/inc/admin/views/backend-user-profile.php file due to insufficient escaping. This vulnerability specifically affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled (NVD, WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 5.5 (Medium) according to Wordfence's assessment (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page). The issue stems from insufficient sanitization of user-supplied data in the Profile Settings page (Wordfence, CheckPoint).

When exploited, this vulnerability allows attackers with administrative user access to inject arbitrary web scripts into the application. The impact is particularly significant in multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled (NVD).

The vulnerability was patched in LearnPress version 4.1.3.2. Users are advised to update to this version or later to mitigate the risk (WPScan).