CVE-2026-48865
Deferred - Pending Action
Reflected Cross-Site Scripting in LearnPress

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-21
AI Q&A: 2026-06-01
EPSS Evaluated: 2026-06-20
Affected Vendors & Products (1 associated CPE)
Vendor: thimpress
Product: learnpress
Version / Range: up to and including 4.3.6
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Quick Actions
Executive Summary

This vulnerability is a Cross-Site Scripting (XSS) issue found in the WordPress LearnPress Plugin, versions 4.3.6 and below. It allows attackers to inject malicious scripts into web pages generated by the plugin. When visitors access these pages, the malicious scripts can execute, potentially causing harmful effects.

The vulnerability is classified as a reflected XSS, meaning the malicious script is reflected off a web server, such as in an error message or search result, and requires user interaction like clicking a crafted link or visiting a specially crafted page.

Impact Analysis

Exploitation of this vulnerability can lead to attackers executing malicious scripts in the context of your website. This can result in unwanted redirects, displaying unauthorized content, or other malicious actions that compromise the user experience and security.

Although the attack requires user interaction, such as clicking a malicious link, it can still be used in mass-exploit campaigns targeting many websites running vulnerable versions of the plugin.

Overall, this can damage your website's reputation, lead to loss of user trust, and potentially expose users to further attacks.

Detection Guidance

This vulnerability is a reflected Cross-Site Scripting (XSS) issue in the WordPress LearnPress Plugin, versions 4.3.6 and below. Detection typically involves monitoring for suspicious HTTP requests containing malicious script payloads targeting the vulnerable plugin endpoints.

You can detect potential exploitation attempts by inspecting web server logs for unusual query parameters or payloads that include script tags or JavaScript code.

Example commands to search for suspicious patterns in Apache or Nginx logs might include:

  • grep -iE "<script|javascript:" /var/log/apache2/access.log
  • grep -iE "<script|javascript:" /var/log/nginx/access.log
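
The grep commands above only match payloads that appear literally in the log; a reflected XSS probe usually arrives URL-encoded (for example `%3Cscript%3E`) or even double-encoded, so a raw grep for `<script` misses it. The following added example (not part of the original advisory) decodes the request path before matching and runs over constructed sample log lines in the Apache/Nginx combined format; the query parameter names in the samples are placeholders, not LearnPress's actual parameters.

```python
import re
from urllib.parse import unquote_plus

# Patterns that commonly appear in reflected XSS probes. They are applied
# after URL-decoding, so %3Cscript%3E and <script> are treated alike.
XSS_PATTERNS = re.compile(
    r"<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe)\b",
    re.IGNORECASE,
)

# Apache/Nginx combined log format: client, identd, user, [timestamp],
# "METHOD path PROTOCOL", status, size, ...
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

def decode_request_path(path, rounds=2):
    """URL-decode a request path repeatedly; stop early once it is stable.
    Two rounds catch double-encoded payloads such as %253Cscript%253E."""
    for _ in range(rounds):
        decoded = unquote_plus(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_xss_probes(log_text):
    """Return (client, timestamp, decoded_path) for every log line whose
    decoded request path matches an XSS-like pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        decoded = decode_request_path(m.group("path"))
        if XSS_PATTERNS.search(decoded):
            hits.append((m.group("client"), m.group("ts"), decoded))
    return hits

# Constructed sample log lines (not real traffic, placeholder parameters).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2026:10:00:01 +0000] "GET /?s=python HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jun/2026:10:00:02 +0000] "GET /courses/?param=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4096
203.0.113.9 - - [01/Jun/2026:10:00:03 +0000] "GET /courses/?param=%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 4096
203.0.113.11 - - [01/Jun/2026:10:00:04 +0000] "GET /courses/?redirect=javascript%3Aalert(1) HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for client, ts, path in find_xss_probes(SAMPLE_LOG):
        print(f"{ts} {client} {path}")
```

Pipe a real access log into `find_xss_probes` to flag candidate lines; matches still need manual review, since any page that legitimately reflects user input will trigger the same patterns.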

Additionally, using web application firewall (WAF) logs or enabling the provided mitigation rules from Patchstack can help detect and block attack attempts.

Mitigation Strategies

The immediate recommended step is to update the WordPress LearnPress Plugin to version 4.3.7 or later, where this vulnerability has been patched.

Until the update can be applied, you should implement the mitigation rule provided by Patchstack to block attack attempts targeting this vulnerability.

Additionally, consider using a web application firewall (WAF) to filter and block malicious requests that may exploit this reflected XSS vulnerability.

Compliance Impact

The provided information does not specify how the Cross-site Scripting (XSS) vulnerability in LearnPress affects compliance with common standards and regulations such as GDPR or HIPAA.
