Security News > 2020 > April > Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more.
The flaws range in seriousness and impact, but could allow third-party attackers to steal personal information or target the financial payment methods that are tied to the platforms.
The flaw ranks 9.8 out of 10 on the CVSS scale, making it critical in severity.
Finally, researchers found an arbitrary file-write flaw in versions earlier than 3.37.15 of LifterLMS. The flaw exists due to the insufficient validation of files during file upload; remote attackers can leverage the flaw to execute code and effectively take over the learning platforms.
This flaw ranks 9.8 out of 10 on the CVSS scale, making it critical severity.
News URL
https://threatpost.com/critical-wordpress-e-learning-plugin-bugs-cheating/155290/