
Cross Site Scripting issues in: FilterCourseElementor.php

Open • YouGina opened this issue 2 years ago • 1 comment

The following lines are vulnerable to XSS:

https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L203

https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L210

https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L215-L219

https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L223-L227

https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L234

This code is disabled in the current version that is downloadable via wordpress.org, but enabled in the current development version. Would be great if this could be solved before going to production.

YouGina, Dec 07 '23 21:12

Hi YouGina,

Currently, we don't release this widget. But we'll fix it in the code in v4.2.7.1.

Thanks. Best regards!

tungnxt89, Sep 05 '24 07:09