CVE-2024-13128 is a medium-severity vulnerability affecting the LearnPress WordPress plugin versions prior to 4.2.7.5.1. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw categorized under CWE-79. It arises because the plugin fails to properly sanitize and escape certain settings inputs. This flaw allows users with high privileges, such as administrators, to inject malicious scripts that are stored persistently within the application. Notably, this vulnerability can be exploited even when the WordPress unfiltered_html capability is disabled, such as in multisite environments, which normally restricts the ability to post unfiltered HTML. The CVSS 3.1 base score is 4.8, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact affects confidentiality and integrity to a limited extent (C:L, I:L), but does not impact availability (A:N). There are no known exploits in the wild, and no official patches or mitigation links have been provided yet. The vulnerability was reserved in early 2025 and published in May 2025. Since LearnPress is a popular WordPress LMS plugin, this vulnerability could be leveraged by malicious administrators or compromised admin accounts to inject persistent malicious JavaScript, potentially leading to session hijacking, privilege escalation, or defacement within the affected WordPress sites.

For European organizations using LearnPress, especially educational institutions, e-learning providers, and training platforms, this vulnerability poses a risk of persistent XSS attacks that could compromise user sessions, steal sensitive data, or manipulate site content. Since the exploit requires high privileges, the main risk vector is through compromised or malicious administrators. In multisite WordPress setups common in large organizations or educational networks, the inability to rely on unfiltered_html restrictions increases the risk. Attackers could leverage this vulnerability to target staff or students, potentially leading to data leakage or reputational damage. Additionally, if attackers use this XSS to pivot to other internal systems or escalate privileges, the impact could extend beyond the WordPress environment. Given the widespread use of WordPress and LearnPress in Europe, the vulnerability could affect a broad range of sectors including education, government, and private enterprises that rely on WordPress-based LMS solutions.

Organizations should immediately verify their LearnPress plugin version and upgrade to version 4.2.7.5.1 or later once available. Until patches are released, administrators should restrict plugin management and content editing privileges to trusted personnel only. Implement Content Security Policy (CSP) headers to limit the execution of unauthorized scripts. Regularly audit admin accounts and monitor for suspicious activity. Employ web application firewalls (WAFs) with rules targeting stored XSS patterns specific to LearnPress. In multisite environments, review and tighten user role permissions and consider disabling unnecessary plugins or features that increase attack surface. Additionally, sanitize and validate all inputs in custom code or integrations with LearnPress. Conduct security awareness training for administrators to recognize potential exploitation attempts. Finally, maintain regular backups and have an incident response plan ready to address potential compromises stemming from this vulnerability.