WordPress · Learnpress · CVE-2023-5558
**Name of the Vulnerable Software and Affected Versions**
LearnPress WordPress plugin versions prior to 4.2.5.5
**Description**
The issue is related to the LearnPress WordPress plugin, which does not properly sanitise and escape user input before outputting it back in the page. This leads to a Reflected Cross-Site Scripting issue, which could be used against high privilege users such as admin.
**Recommendations**
For versions prior to 4.2.5.5, update to version 4.2.5.5 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.