LifterLMS – WordPress LMS Plugin for eLearning WordPress Plugin Security Vulnerabilities | WPScan

8

May 2, 2024

10000

Published

2024-04-08

Title

LifterLMS < 7.5.1 - Cross-Site Request Forgery

Fixed in

Fixed in 7.5.1

CVSS

4.3 (medium)

Published

2024-02-27

Title

LifterLMS – WordPress LMS Plugin for eLearning < 7.5.2 - Missing Authorization via process_review

Fixed in

Fixed in 7.5.2

CVSS

5.3 (medium)

Published

2023-11-05

Title

LifterLMS < 7.5.0 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion

Fixed in

Fixed in 7.5.0

CVSS

3.3 (low)

Published

2021-05-17

Title

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

Fixed in

Fixed in 4.21.2

CVSS

4.3 (medium)

Published

2021-05-10

Title

LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout

Fixed in

Fixed in 4.21.1

CVSS

6.1 (medium)

Published

2021-05-10

Title

LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

Fixed in

Fixed in 4.21.1

CVSS

7.4 (high)

Published

2020-03-31

Title

LifterLMS < 3.37.15 - Arbitrary File Writing

Fixed in

Fixed in 3.37.15

CVSS

9.8 (critical)

Published

2019-09-09

Title

LifterLMS < 3.35.1 - Unauthenticated Options Import

Fixed in

Fixed in 3.35.1

CVSS

9.8 (critical)