Skip to main content

Wp Courses Lms

2 CVEs product

Monthly

CVE-2026-31914 MEDIUM This Month

A DOM-Based Cross-Site Scripting (XSS) vulnerability exists in the hookandhook WP Courses LMS WordPress plugin through version 3.2.26, allowing attackers to inject malicious scripts that execute in users' browsers. The vulnerability affects all installations of WP Courses LMS up to and including version 3.2.26, enabling attackers to steal session tokens, redirect users, or perform actions on behalf of authenticated users. No CVSS score, EPSS data, or active KEV/POC information is currently available in public sources, though the vulnerability has been documented by Patchstack and assigned EUVD ID EUVD-2026-15815.

XSS Wp Courses Lms
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2021-24621 MEDIUM POC This Month

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Courses Lms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
EPSS 0% CVSS 6.5
MEDIUM This Month

A DOM-Based Cross-Site Scripting (XSS) vulnerability exists in the hookandhook WP Courses LMS WordPress plugin through version 3.2.26, allowing attackers to inject malicious scripts that execute in users' browsers. The vulnerability affects all installations of WP Courses LMS up to and including version 3.2.26, enabling attackers to steal session tokens, redirect users, or perform actions on behalf of authenticated users. No CVSS score, EPSS data, or active KEV/POC information is currently available in public sources, though the vulnerability has been documented by Patchstack and assigned EUVD ID EUVD-2026-15815.

XSS Wp Courses Lms
NVD VulDB
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Courses Lms
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy