Title: Reflected Cross Site Scripting
Last modified: March 18, 2026

---

# Reflected Cross Site Scripting

 *  Resolved [essentialsoflife](https://wordpress.org/support/users/essentialsoflife/)
 * (@essentialsoflife)
 * [1 month ago](https://wordpress.org/support/topic/reflected-cross-site-scripting-5/)
 * I was browsing vulnerabilities section and saw one listed that I have a question
   about.
 * I am using Ultimate Learning Pro plugin. There is a warning about a Reflected
   Cross Site Scripting (XSS) vulnerability. This is a plugin offering course lessons.
   It sounds like a significant security issue. Do I need to change this plugin 
   for a different LMS option?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [Jarno Vos](https://wordpress.org/support/users/jarnovos/)
 * (@jarnovos)
 * [1 month ago](https://wordpress.org/support/topic/reflected-cross-site-scripting-5/#post-18856309)
 * Hi [@essentialsoflife](https://wordpress.org/support/users/essentialsoflife/),
 * Thank you for reaching out to us about this.
 * Yes, there are **3** unpatched security vulnerabilities in the Ultimate Learning
   Pro plugin, which indeed includes an (Unauthenticated) Reflected XSS issue (more
   details here: [https://vulnerabilities.really-simple-security.com/plugin/indeed-learning-pro/2ea9f13a-b416-49c2-b975-bcbeb5511968](https://vulnerabilities.really-simple-security.com/plugin/indeed-learning-pro/2ea9f13a-b416-49c2-b975-bcbeb5511968)).
 * I would not recommend using that plugin until the issues are resolved by the 
   author of Ultimate Learning Pro. If the author does not patch these issues in
   a reasonable timeframe, you may want to consider uninstalling it and finding 
   a suitable replacement.
 * Kind regards, Jarno
 *  Plugin Support [Jarno Vos](https://wordpress.org/support/users/jarnovos/)
 * (@jarnovos)
 * [1 month ago](https://wordpress.org/support/topic/reflected-cross-site-scripting-5/#post-18857573)
 * Hi [@essentialsoflife](https://wordpress.org/support/users/essentialsoflife/),
 * I’ll mark the thread as resolved, as I suspect that the above reply contains 
   all of the information you require.
 * But please feel free to send us another message if you have any further questions!
 * Kind regards, Jarno

Viewing 2 replies - 1 through 2 (of 2 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Freflected-cross-site-scripting-5%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/really-simple-ssl/assets/icon-256x256.png?rev=2839720)
 * [Really Simple Security - Simple and Performant Security (formerly Really Simple SSL)](https://wordpress.org/plugins/really-simple-ssl/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/really-simple-ssl/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/really-simple-ssl/)
 * [Active Topics](https://wordpress.org/support/plugin/really-simple-ssl/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/really-simple-ssl/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/really-simple-ssl/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [Jarno Vos](https://wordpress.org/support/users/jarnovos/)
 * Last activity: [1 month ago](https://wordpress.org/support/topic/reflected-cross-site-scripting-5/#post-18857573)
 * Status: resolved