Video Lessons Manager Pro <= 3.5.8 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability

Administrator

Published
2021-10-24

The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24713

CVSS

Score:4.8

Severity:Medium

Version: 3.5.8

There is a patch available in v3.5.9 and we strongly recommend you update to this version as soon as possible.