PT-2026-41461 · WordPress · Wp Learn Manager

Mohammed Adam

·

Published

2026-05-16

·

Updated

2026-05-17

·

CVE-2021-47975

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions WP Learn Manager version 1.1.2
Description A stored cross-site scripting issue allows unauthenticated attackers to inject malicious scripts. This is achieved by submitting POST requests to the 'jslm fieldordering' page using the fieldtitle parameter. The injected JavaScript executes when administrators access the field ordering interface.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2021-47975

Affected Products

Wp Learn Manager