CVE-2026-48865
Reflected Cross-Site Scripting in LearnPress
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Patchstack
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thimpress | learnpress | to 4.3.6 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Scripting (XSS) issue found in the WordPress LearnPress Plugin, versions 4.3.6 and below. It allows attackers to inject malicious scripts into web pages generated by the plugin. When visitors access these pages, the malicious scripts can execute, potentially causing harmful effects.
The vulnerability is classified as a reflected XSS, meaning the malicious script is reflected off a web server, such as in an error message or search result, and requires user interaction like clicking a crafted link or visiting a specially crafted page.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to attackers executing malicious scripts in the context of your website. This can result in unwanted redirects, displaying unauthorized content, or other malicious actions that compromise the user experience and security.
Even though the attack requires user interaction, such as clicking a malicious link, it can be used in mass-exploit campaigns targeting many websites running vulnerable versions of the plugin.
Overall, this can damage your website's reputation, lead to loss of user trust, and potentially expose users to further attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a reflected Cross Site Scripting (XSS) issue in the WordPress LearnPress Plugin versions 4.3.6 and below. Detection typically involves monitoring for suspicious HTTP requests containing malicious script payloads targeting the vulnerable plugin endpoints.
You can detect potential exploitation attempts by inspecting web server logs for unusual query parameters or payloads that include script tags or JavaScript code.
Example commands to search for suspicious patterns in Apache or Nginx logs might include:
- `grep -iE "<script|javascript:" /var/log/apache2/access.log`
- `grep -iE "<script|javascript:" /var/log/nginx/access.log`
Additionally, using web application firewall (WAF) logs or enabling the provided mitigation rules from Patchstack can help detect and block attack attempts.
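The grep commands above only match payloads that appear literally in the log; a browser sends query strings URL-encoded, so `<script` is usually logged as `%3Cscript` and a double-encoded probe as `%253Cscript`. The following added example (not part of this advisory or of Patchstack's rules) decodes each request target before matching, so that encoded and double-encoded payloads are also flagged; the log lines are constructed samples in Apache/Nginx combined format, not real traffic, and the paths are not LearnPress endpoints.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined log format; none are real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2026:10:00:01 +0000] "GET /?s=python+course HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.6 - - [01/Jun/2026:10:00:02 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5200 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jun/2026:10:00:03 +0000] "GET /?s=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
203.0.113.8 - - [01/Jun/2026:10:00:04 +0000] "GET /?s=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 5100 "-" "curl/8.0"
203.0.113.9 - - [01/Jun/2026:10:00:05 +0000] "GET /wp-content/plugins/learnpress/assets/js/app.js HTTP/1.1" 200 40000 "-" "Mozilla/5.0"
"""

# The request line sits between the first pair of double quotes in combined log format.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Patterns a reflected-XSS probe typically carries: the two from the grep commands
# above plus inline event-handler attributes such as onerror= / onload=.
XSS_RE = re.compile(r"<\s*script|javascript\s*:|<\s*\w+[^>]*\bon\w+\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so that double-encoded payloads are also revealed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_suspicious_requests(log_text):
    """Return (line_number, decoded_target) for each request whose decoded target matches XSS_RE."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or non-request line, skip it
        decoded = fully_decode(m.group("target"))
        if XSS_RE.search(decoded):
            hits.append((lineno, decoded))
    return hits

if __name__ == "__main__":
    for lineno, target in flag_suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {target}")
```

Run it against a real file with `flag_suspicious_requests(open("/var/log/nginx/access.log").read())`; a hit only indicates a probe was attempted, not that the injected script executed, so correlate with the plugin version actually installed.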
What immediate steps should I take to mitigate this vulnerability?
The immediate recommended step is to update the WordPress LearnPress Plugin to version 4.3.7 or later, where this vulnerability has been patched.
Until the update can be applied, you should implement the mitigation rule provided by Patchstack to block attack attempts targeting this vulnerability.
Additionally, consider using a web application firewall (WAF) to filter and block malicious requests that may exploit this reflected XSS vulnerability.