2022-02-07 15:47:16
WPScan
PUBLISHED
The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Courses module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed