CVE-2023-4602

Name of the Vulnerable Software and Affected Versions Namaste! LMS plugin for WordPress versions up to, and including, 2.6.1.1

Description The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the course id parameter. This enables attackers to execute scripts if they can trick a user into performing a specific action, such as clicking on a link.

Recommendations For Namaste! LMS plugin for WordPress versions up to, and including, 2.6.1.1, avoid using the course id parameter in affected pages until the issue is resolved. As a temporary workaround, consider restricting access to pages that utilize the course id parameter to minimize the risk of exploitation.