CVE-2024-13599

6.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in the LearnPress WordPress plugin allows authenticated attackers with LP Instructor access or higher to inject malicious scripts into lesson names. When users view affected pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using LearnPress versions up to and including 4.2.7.5 are affected.

💻 Affected Systems

Products:
  • LearnPress - WordPress LMS Plugin
Versions: All versions up to and including 4.2.7.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with LearnPress plugin and at least one user with LP Instructor role or higher.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.

🟠 Likely Case

Attackers with instructor access inject malicious scripts to steal user session cookies or credentials, potentially escalating privileges to administrator level.

🟢 If Mitigated

With proper input validation and output escaping, the vulnerability is prevented, though instructor-level accounts could still be compromised through other means.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with LP Instructor privileges or higher. The vulnerability is straightforward to exploit once an attacker has appropriate credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.7.6 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3226650/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find LearnPress and click 'Update Now'.
4. Verify the update to version 4.2.7.6 or later.

🔧 Temporary Workarounds

Temporary Input Sanitization

Add a custom sanitization filter for lesson names. Add to the theme's functions.php:

add_filter('learnpress_lesson_name', 'esc_html');

🧯 If You Can't Patch

  • Remove LP Instructor role from untrusted users
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check the LearnPress version under WordPress admin > Plugins. If the version is 4.2.7.5 or lower, you are vulnerable.

Check Version:

wp plugin list --name=learnpress --field=version

Verify Fix Applied:

After updating, verify LearnPress version is 4.2.7.6 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual lesson name updates by instructor accounts
  • JavaScript payloads in lesson name fields

Network Indicators:

  • Unexpected external script loads from lesson pages

SIEM Query:

source="wordpress" AND ("lesson_name" OR "learnpress") AND ("script" OR "javascript" OR "onload" OR "onerror")
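
The version check and the "JavaScript payloads in lesson name fields" indicator above can be scripted; updating the plugin does not remove markup already stored in lesson titles. The following is an added example, not code from the plugin or the advisory. The function names, the sample rows and the `lp_lesson` post type in the usage comments are assumptions, and `sort -V` requires GNU or a recent BSD sort.

```sh
#!/bin/sh
# Added example: version gate and stored-title audit for CVE-2024-13599.
FIXED="4.2.7.6"   # first fixed release, per the advisory

# Return 0 (true) when the given LearnPress version is older than $FIXED.
# sort -V orders dotted versions numerically, so 4.2.10 sorts after 4.2.7.6.
lp_is_vulnerable() {
    [ "$1" != "$FIXED" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
}

# Read "ID,post_title" CSV rows on stdin and print the IDs whose title holds
# an HTML tag, an inline event handler or a javascript: URL.
# This is a triage filter: review every hit by hand before editing content.
flag_titles() {
    grep -Ei '<[a-z/!]|(^|[^a-z])on[a-z]+[[:space:]]*=|javascript:' | cut -d, -f1
}

# Constructed sample rows in the shape of WP-CLI CSV output (not real data).
sample_titles() {
    cat <<'EOF'
ID,post_title
11,Week 1: Getting started
12,"Week 2 <script src=https://example.invalid/x.js></script>"
13,"Pricing, refunds & conditions"
15,Week 3 <img src=x onerror=alert(1)>
EOF
}

# On a live site, feed the functions from WP-CLI (post type is an assumption):
#   lp_is_vulnerable "$(wp plugin list --name=learnpress --field=version)"
#   wp post list --post_type=lp_lesson --fields=ID,post_title --format=csv | flag_titles
for v in 4.2.7.5 4.2.7.6 4.2.10; do
    if lp_is_vulnerable "$v"; then
        echo "$v: vulnerable"
    else
        echo "$v: patched"
    fi
done
echo "lesson IDs to review:"
sample_titles | flag_titles
```

Flagged lesson IDs should be opened in the editor and cleaned manually, since a title can legitimately contain a character such as `<`.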
