CVE-2026-24361 is a stored cross-site scripting (XSS) vulnerability identified in the ThimPress LearnPress – Course Review plugin, affecting all versions up to and including 4.1.9. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, specifically within the course review functionality. This flaw allows an attacker to inject malicious JavaScript code into course reviews, which is then stored persistently and executed in the browsers of users who view the affected pages. Stored XSS is particularly dangerous because it does not require the attacker to trick users into clicking malicious links; the payload is delivered automatically when the vulnerable content is loaded. Potential consequences include session hijacking, theft of cookies or credentials, unauthorized actions performed on behalf of users, and the possibility of delivering further malware. The vulnerability does not currently have a CVSS score or known exploits in the wild, but its characteristics indicate a high risk. The affected product, LearnPress, is a popular WordPress plugin used to create and manage online courses, making this vulnerability relevant to educational institutions and e-learning providers. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for interim mitigations. The vulnerability was published on January 22, 2026, by Patchstack, a known security vendor specializing in WordPress plugin vulnerabilities.

For European organizations, especially those operating e-learning platforms using WordPress and the LearnPress plugin, this vulnerability poses a significant risk to user data confidentiality and platform integrity. Exploitation could lead to unauthorized access to user accounts, data leakage, and potential defacement or manipulation of course content. Educational institutions, training providers, and corporate learning departments could face reputational damage, regulatory scrutiny under GDPR due to data breaches, and operational disruptions. The stored nature of the XSS means that multiple users can be affected once the malicious script is injected, amplifying the impact. Additionally, attackers might leverage this vulnerability to pivot to other parts of the network or to conduct phishing campaigns targeting users of the platform. Given the widespread use of WordPress in Europe and the popularity of LearnPress for online education, the threat surface is considerable. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks.

1. Monitor official ThimPress and WordPress plugin repositories for updates and apply patches promptly once available. 2. Until a patch is released, implement strict input validation and sanitization on all user-generated content, especially course reviews, to block malicious scripts. 3. Employ robust output encoding techniques to ensure that any user input rendered on web pages is safely escaped. 4. Configure Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. 5. Limit user permissions to only those necessary for submitting reviews to reduce the attack surface. 6. Conduct regular security audits and penetration testing focused on web application vulnerabilities. 7. Educate platform administrators and users about the risks of XSS and encourage vigilance against suspicious activity. 8. Use Web Application Firewalls (WAF) with rules designed to detect and block XSS payloads targeting LearnPress. 9. Consider temporarily disabling the course review feature if feasible until a secure update is deployed. 10. Maintain comprehensive logging and monitoring to detect exploitation attempts early.