CVE-2024-13127

4.8 MEDIUM

📋 TL;DR

This vulnerability in the LearnPress WordPress plugin allows administrators to inject malicious scripts into plugin settings, which then execute when other users view those settings. It affects WordPress sites using LearnPress versions before 4.2.7.5.1, particularly in multisite configurations where unfiltered_html is restricted.

💻 Affected Systems

Products:
  • LearnPress WordPress Plugin
Versions: All versions before 4.2.7.5.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin-level access. Particularly relevant in WordPress multisite setups where unfiltered_html capability is restricted.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leading to site takeover, data theft, or malware distribution to visitors.

🟠 Likely Case

A privileged user (admin) injects malicious scripts that run for other users viewing the plugin settings, potentially stealing session cookies or redirecting those users.

🟢 If Mitigated

Limited to authenticated admin users only, with impact contained to users accessing the affected plugin settings pages.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator privileges; the attack vector is the plugin settings interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.7.5.1

Vendor Advisory: https://wpscan.com/vulnerability/003ac248-74db-4b83-af0b-aa37ffb9b3d3/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the LearnPress plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 4.2.7.5.1 or later from WordPress.org and update manually.

🔧 Temporary Workarounds

Restrict Admin Access

Applies to: all

Limit administrative access to trusted users only and implement strong authentication controls.

Disable Plugin

Applies to: linux

Temporarily disable the LearnPress plugin until patched:

wp plugin deactivate learnpress

🧯 If You Can't Patch

  • Implement strict access controls for admin accounts and monitor admin activity logs.
  • Use web application firewall (WAF) rules to block XSS payloads in plugin settings endpoints.

🔍 How to Verify

Check if Vulnerable:

Check LearnPress plugin version in WordPress admin panel under Plugins > Installed Plugins.

Check Version:

wp plugin get learnpress --field=version

Verify Fix Applied:

Confirm LearnPress version is 4.2.7.5.1 or higher in plugin details.
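An added check, not part of this advisory: it runs the WP-CLI command shown above and compares the reported version against 4.2.7.5.1 component by component, because a plain string comparison misorders versions such as 4.2.10 against 4.2.7.5.1 and 4.2.7.5 against 4.2.7.5.1. The `wp_path` parameter and the use of WP-CLI's `--path` option are assumptions about how the script is run.

```python
"""Check whether an installed LearnPress version is at or above the fixed release.

Added example, not part of the advisory. Versions are compared as tuples of
integers so that 4.2.7.5 < 4.2.7.5.1 and 4.2.10 > 4.2.7.5.1, which a plain
string comparison gets wrong.
"""
import re
import subprocess

FIXED_VERSION = "4.2.7.5.1"  # first patched release named in the advisory


def parse_version(version: str) -> tuple:
    """Split '4.2.7.5.1' into (4, 2, 7, 5, 1).

    A pre-release suffix such as '-beta1' is dropped and the numeric prefix
    is used; anything else is rejected rather than silently compared.
    """
    core = version.strip().split("-")[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version sorts strictly below the fixed one.

    Tuples of different length compare as intended: (4, 2, 7, 5) is less
    than (4, 2, 7, 5, 1), so 4.2.7.5 is reported as vulnerable.
    """
    return parse_version(installed) < parse_version(fixed)


def installed_learnpress_version(wp_path: str = ".") -> str:
    """Read the plugin version with the WP-CLI command from the advisory.

    wp_path (assumed parameter) is the WordPress install directory, passed
    through WP-CLI's --path option.
    """
    out = subprocess.run(
        ["wp", "plugin", "get", "learnpress", "--field=version",
         f"--path={wp_path}"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    ver = installed_learnpress_version()
    status = "VULNERABLE" if is_vulnerable(ver) else "patched"
    print(f"LearnPress {ver}: {status} (fixed in {FIXED_VERSION})")
```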

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin activity modifying LearnPress settings
  • POST requests to learnpress settings endpoints with script tags

Network Indicators:

  • HTTP requests containing script payloads to /wp-admin/admin.php?page=learnpress-settings

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/admin.php" AND query_string="page=learnpress-settings") AND (http_method="POST" AND content="<script")
