CVE-2020-7108: LearnDash Plugin Vulnerable To Reflected XSS: Update Immediately

The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.


While performing a security audit on one of our clients’ websites, I discovered a reflected cross-site scripting vulnerability in the WordPress LMS plugin by LearnDash. All WordPress websites using LearnDash versions 3.0.0 through 3.1.1 are affected.

CVE ID: CVE-2020-7108
CWE ID: CWE-79

Summary

LearnDash is one of the most popular and easiest to use WordPress LMS plugins in the market. It allows users to easily create courses and sell them online and boasts a large customer base. The XSS vulnerability in LearnDash can be exploited by attackers against authenticated users to perform malicious actions such as stealing the victim’s session cookies or login credentials, performing arbitrary actions on the victim’s behalf, logging their keystrokes and more.

Vulnerability

Once a user is logged in to a WordPress website where the vulnerable LearnDash plugin is installed, an XSS payload can be inserted into the Search Your Courses box. The payload executes because the user input is not properly validated before it is reflected back into the page.

The same payload also executes when it is passed in the URL's query string:

[wordpress website][learndash my-account page]?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3E

An attacker can modify the above URL and substitute a more advanced payload to perform malicious actions.
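To check whether a site has received requests of this shape, the following added example (not code from LearnDash or from the original advisory) scans access log lines for `ld-profile-search` values that decode to HTML markup, including values that were percent-encoded more than once. The log lines, the `/my-account/` path and the combined log format are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

PARAM = "ld-profile-search"  # parameter named in the advisory
# Characters a course search has little use for but HTML injection needs.
MARKUP = re.compile(r'[<>"]')
# Request line of a combined-format access log entry (format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_values(log_lines):
    """Return (line_number, decoded_value) where PARAM decodes to markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl decodes once; fully_decode handles extra encoding layers.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM and MARKUP.search(fully_decode(value)):
                hits.append((number, fully_decode(value)))
    return hits


# Constructed sample log lines; /my-account/ is a placeholder path.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2020:10:02:11 +0000] "GET /my-account/?ld-profile-search=python+basics HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Jan/2020:10:03:40 +0000] "GET /my-account/?ld-profile-search=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [15/Jan/2020:10:04:02 +0000] "GET /my-account/?ld-profile-search=%253Cscript%253Ealert(document.cookie)%253C/script%253E HTTP/1.1" 200 5190',
    '198.51.100.4 - - [15/Jan/2020:10:05:00 +0000] "GET /courses/?s=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_search_values(SAMPLE_LOG):
        print(f"line {number}: {PARAM} decodes to {value!r}")
```

A hit only shows that such a request reached the server; whether it executed depends on the plugin version installed at the time.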

Timeline

Vulnerability reported to the LearnDash team – January 14, 2020
LearnDash version 3.1.2 containing the fix to the vulnerability was released on the same day.

Recommendation

It is highly recommended to update the plugin to the latest version. If you are using the Astra Security Suite, you are protected against this vulnerability.

For security best practices, you can follow the guides below:

  • WordPress Security Guide
  • WordPress Hack and Malware Removal


Jinson Varghese

Jinson Varghese Behanan is an Information Security Analyst at Astra. Passionate about Cybersecurity from a young age, Jinson completed his Bachelor’s degree in Computer Security from Northumbria University. When he isn’t glued to a computer screen, he spends his time reading InfoSec materials, playing basketball, learning French and traveling. You can follow him on Medium or visit his Website for more stories about the various Security Audits he does and the crazy vulnerabilities he finds.
