Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

2020-04-30 10:00

Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more.

The flaws range in seriousness and impact, but could allow third-party attackers to steal personal information or target the financial payment methods that are tied to the platforms.

The flaw ranks 9.8 out of 10 on the CVSS scale, making it critical in severity.

Finally, researchers found an arbitrary file-write flaw in versions earlier than 3.37.15 of LifterLMS. The flaw exists due to the insufficient validation of files during file upload; remote attackers can leverage the flaw to execute code and effectively take over the learning platforms.

This flaw ranks 9.8 out of 10 on the CVSS scale, making it critical severity.

News URL

https://threatpost.com/critical-wordpress-e-learning-plugin-bugs-cheating/155290/

#critical #wordpress

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578
Plugin		2	0	13	0	0	13

News URL

Related news

Related vendor