CVE-2021-25029

Name of the Vulnerable Software and Affected Versions CLUEVO LMS, E-Learning Platform WordPress plugin versions prior to 1.8.1

Description The issue concerns the lack of sanitization and escaping of Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting the capability to edit Course's modules to trusted users only until the update is applied.