CVE-2023-5558: 
WordPress vulnerability analysis and mitigation

The LearnPress WordPress plugin before version 4.2.5.5 was identified with a Reflected Cross-Site Scripting vulnerability (CVE-2023-5558). The vulnerability was discovered and disclosed on January 16, 2024. This security issue affects the LearnPress plugin, a WordPress Learning Management System (LMS) solution, and specifically impacts installations running versions prior to 4.2.5.5 (NVD).

The vulnerability stems from improper input sanitization and escaping mechanisms within the plugin. When user input is processed, the plugin fails to properly sanitize and escape the data before outputting it back in the page, creating a potential attack vector for Reflected Cross-Site Scripting. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability primarily affects high-privilege users such as administrators. When successfully exploited, the Reflected XSS vulnerability could allow attackers to execute malicious scripts in the context of the administrator's browser session, potentially leading to unauthorized actions or data theft (WPScan).

The recommended mitigation is to update the LearnPress WordPress plugin to version 4.2.5.5 or later, which contains the security fix for this vulnerability (NVD).