Reflected Cross Site Scripting | WordPress.org

Resolved essentialsoflife
(@essentialsoflife)

3 weeks, 5 days ago

I was browsing vulnerabilities section and saw one listed that I have a question about.

I am using Ultimate Learning Pro plugin. There is a warning about a Reflected Cross Site Scripting (XSS) vulnerability. This is a plugin offering course lessons. It sounds like a significant security issue. Do I need to change this plugin for a different LMS option?

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Support Jarno Vos
(@jarnovos)

3 weeks, 5 days ago

Hi @essentialsoflife,

Thank you for reaching out to us about this.

Yes, there are 3 unpatched security vulnerabilities in the Ultimate Learning Pro plugin, which indeed includes an (Unauthenticated) Reflected XSS issue (more details here: https://vulnerabilities.really-simple-security.com/plugin/indeed-learning-pro/2ea9f13a-b416-49c2-b975-bcbeb5511968).

I would not recommend using that plugin until the issues are resolved by the author of Ultimate Learning Pro. If the author does not patch these issues in a reasonable timeframe, you may want to consider uninstalling it and finding a suitable replacement.

Kind regards, Jarno

Plugin Support Jarno Vos
(@jarnovos)

3 weeks, 3 days ago

Hi @essentialsoflife,

I’ll mark the thread as resolved, as I suspect that the above reply contains all of the information you require.

But please feel free to send us another message if you have any further questions!

Kind regards, Jarno

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

3 replies
2 participants
Last reply from: Jarno Vos
Last activity: 3 weeks, 3 days ago
Status: resolved