LifterLMS < 3.35.1 – Unauthenticated Options Import | CVE 2019-15896

Affects Plugins

lifterlms

Fixed in 3.35.1

References

CVE

CVE-2019-15896

URL

https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-plugin/

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-269

CVSS

9.8 (critical)

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Verified

No

WPVDB ID

6e76d82e-0a6e-4165-89f9-e70543aa872b

Timeline

Publicly Published

2019-09-09 (about 4 years ago)

Added

2019-09-09 (about 4 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Other

Published

Title

Published

2020-03-31

Title

WordPress SEO Plugin - Rank Math < 1.0.41 - Privilege Escalation via Unprotected REST API Endpoint

Published

2016-02-10

Title

Woocommerce Exporter < 1.8.4 - Privilege Esclation

Published

2016-02-18

Title

ElegantThemes - Privilege Escalation

Published

2017-11-27

Title

Elementor Page Builder < 1.8.0 - Authenticated Unrestricted Editing

Published

2023-05-02

Title

Easy Digital Downloads < 3.1.1.4.2 - Unauthenticated Privilege Escalation