
Dhananjaygarg192002

#50206 of 53,638
4.8 Total CVSS
Vulnerabilities · 1
PT-2022-9453
4.8
2022-02-01
WordPress · Learning Courses · CVE-2021-24707
**Name of the Vulnerable Software and Affected Versions**

The Learning Courses WordPress plugin, versions prior to 5.0

**Description**

The plugin does not sanitize or escape the Email PDT identity token settings, which could allow high-privilege users to perform Cross-Site Scripting attacks. This is possible even when the unfiltered_html capability is disallowed.

**Recommendations**

Update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Email PDT identity token settings to minimize the risk of exploitation.