Security News > 2020 > April > Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites

Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites
2020-04-30 04:07

Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system plugins that various organizations and universities use to offer online training courses through their WordPress-based websites.

According to the Check Point Research Team, the three WordPress plugins in question - LearnPress, LearnDash, and LifterLMS - have security flaws that could permit students, as well as unauthenticated users, to pilfer personal information of registered users and even attain teacher privileges.

"The vulnerabilities found allow students, and sometimes even unauthenticated users, to gain sensitive information or take control of the LMS platforms."

LMS facilitates online learning via a software application that lets academic institutions and employers create course curriculum, share coursework, enroll students, and evaluate students with quizzes.

Plugins such as LearnPress, LearnDash, and LifterLMS make it easy by adapting any WordPress site to a fully functioning and easy-to-use LMS. The flaws in LearnPress range from blind SQL injection to privilege escalation, which can authorize an existing user to gain a teacher's role.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/NJWzisKT3kA/wordpress-lms-plugins.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159