Plugin Exploit

Reflected XSS Vulnerability found in LearnDash LMS Plugin [3.0.0 – 3.1.1] – Update Immediately

Updated on: March 29, 2020

Reflected XSS Vulnerability found in LearnDash LMS Plugin [3.0.0 – 3.1.1] – Update Immediately

While performing a security audit on one of our client’s website, I discovered a reflected cross-site scripting vulnerability in the WordPress LMS plugin by LearnDash. All WordPress websites using LearnDash version from 3.0.0 through 3.1.1 are affected.

CVE ID: CVE-2020-7108
CWE ID: CWE-79

Summary

LearnDash is one of the most popular and easiest to use WordPress LMS plugins in the market. It allows users to easily create courses and sell them online and boasts a large customer base. The XSS vulnerability in LearnDash can be exploited by attackers against authenticated users to perform malicious actions such as stealing the victim’s session cookies or login credentials, performing arbitrary actions on the victim’s behalf, logging their keystrokes and more.

Vulnerability

Once the user is logged in to the WordPress website where the vulnerable LearnDash plugin is installed, the XSS payload can be inserted into the Search Your Courses box. The payload gets executed because the user input is not properly validated.

As a result, passing the XSS payload as a query string in the URL will also execute the payload.

[wordpress website][learndash my-account page]?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3E

reflected xss

An attacker can modify the above URL and use an advanced payload that could help him/her in performing malicious actions.

Timeline

Vulnerability reported to the LearnDash team – January 14, 2020
LearnDash version 3.1.2 containing the fix to the vulnerability was released on the same day.

Recommendation

It is highly recommended to update the plugin to the latest version. If you are using the Astra Security Suite, you are protected against this vulnerability.

For best security practices, you can follow the below guides:

Reference

WPVulnDB
CVE MITRE

Was this post helpful?

Jinson Varghese

Jinson Varghese Behanan is an Information Security Analyst at Astra. Passionate about Cybersecurity from a young age, Jinson completed his Bachelor's degree in Computer Security from Northumbria University. When he isn’t glued to a computer screen, he spends his time reading InfoSec materials, playing basketball, learning French and traveling. You can follow him on Medium or visit his Website for more stories about the various Security Audits he does and the crazy vulnerabilities he finds.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany