CVE-2021-47975

HIGH

WordPress Plugin WP Learn Manager 1.1.2 Stored XSS

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47975. PoCs published by Mohammed Adam.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in WordPress Plugin WP Learn Manager 1.1.2. The payload is injected via the 'fieldtitle' parameter and triggered when an admin visits the specified page.

Description

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface.

Exploits (1)

exploitdb WORKING POC
by Mohammed Adam · textwebappsphp
https://www.exploit-db.com/exploits/50086

This exploit demonstrates a stored XSS vulnerability in WordPress Plugin WP Learn Manager 1.1.2. The payload is injected via the 'fieldtitle' parameter and triggered when an admin visits the specified page.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin WP Learn Manager 1.1.2
No auth needed
Prerequisites: Access to the WordPress admin interface
devstral-2 · analyzed May 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-50086
https://www.exploit-db.com/exploits/50086
Product product
Official Product Homepage
https://wplearnmanager.com/
Product product
Product Reference
https://wordpress.org/plugins/learn-manager/
Third Party Advisory third-party-advisory
VulnCheck Advisory: WordPress Plugin WP Learn Manager 1.1.2 Stored XSS
https://www.vulncheck.com/advisories/wordpress-plugin-wp-learn-manager-stored-xss

Scores

CVSS v3 7.2
EPSS 0.0021
EPSS Percentile 11.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Wplearnmanager/WP Learn Manager 1.1.2
Published May 16, 2026
Tracked Since May 16, 2026