{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/wp-learn-manager/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2021-47975"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WP Learn Manager 1.1.2"],"_cs_severities":["medium"],"_cs_tags":["cve","xss","web","wordpress"],"_cs_type":"threat","_cs_vendors":["WP Learn Manager"],"content_html":"\u003cp\u003eWP Learn Manager version 1.1.2 is susceptible to a stored cross-site scripting (XSS) vulnerability, identified as CVE-2021-47975. This flaw allows unauthenticated attackers to inject malicious JavaScript code into the application. The vulnerability is triggered when an attacker sends a crafted POST request to the \u003ccode\u003ejslm_fieldordering\u003c/code\u003e page, embedding the XSS payload within the \u003ccode\u003efieldtitle\u003c/code\u003e parameter. When an administrator accesses the field ordering interface, the injected script is executed within their browser session. \nThis vulnerability could allow attackers to compromise administrator accounts, deface the website, or redirect users to malicious sites.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious POST request targeting the \u003ccode\u003ejslm_fieldordering\u003c/code\u003e page.\u003c/li\u003e\n\u003cli\u003eThe attacker includes a JavaScript payload within the \u003ccode\u003efieldtitle\u003c/code\u003e parameter of the POST request, designed to execute arbitrary code in the administrator\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted POST request to the vulnerable \u003ccode\u003ejslm_fieldordering\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe WP Learn Manager application stores the malicious payload in its database without proper sanitization or encoding.\u003c/li\u003e\n\u003cli\u003eAn administrator logs into the WP Learn Manager administrative interface.\u003c/li\u003e\n\u003cli\u003eThe administrator navigates to the field ordering interface, which retrieves the stored, malicious \u003ccode\u003efieldtitle\u003c/code\u003e value from the database.\u003c/li\u003e\n\u003cli\u003eThe application renders the page, injecting the stored JavaScript payload into the administrator\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe administrator\u0026rsquo;s browser executes the malicious JavaScript code, potentially leading to account compromise or further malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability (CVE-2021-47975) allows unauthenticated attackers to inject arbitrary JavaScript code into the WP Learn Manager application. This can lead to the compromise of administrator accounts, allowing the attacker to gain full control over the website. \nOther impacts include website defacement, redirection of users to malicious sites, or theft of sensitive information. The CVSS v3.1 base score for this vulnerability is 7.2, indicating a high level of potential impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2021-47975 Exploitation — WP Learn Manager XSS via fieldtitle Parameter\u003c/code\u003e to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for POST requests to the \u003ccode\u003ejslm_fieldordering\u003c/code\u003e endpoint containing suspicious characters or JavaScript code within the \u003ccode\u003efieldtitle\u003c/code\u003e parameter, as highlighted by the \u003ccode\u003ecs-uri-query|contains\u003c/code\u003e field in the Sigma rule.\u003c/li\u003e\n\u003cli\u003eUpgrade WP Learn Manager to a patched version that addresses CVE-2021-47975.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:21:56Z","date_published":"2026-05-16T16:21:56Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47975-xss/","summary":"WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability (CVE-2021-47975) that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter via a POST request to the jslm_fieldordering page, resulting in arbitrary JavaScript execution when administrators view the field ordering interface.","title":"WP Learn Manager Stored XSS Vulnerability (CVE-2021-47975)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47975-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — WP Learn Manager","version":"https://jsonfeed.org/version/1.1"}