Vulnerabilities > Lifterlms > Lifterlms > 3.27.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-22 | CVE-2023-6160 | Path Traversal vulnerability in Lifterlms The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. | 6.7 |
2021-08-23 | CVE-2021-24562 | Authorization Bypass Through User-Controlled Key vulnerability in Lifterlms The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades | 7.5 |
2021-05-24 | CVE-2021-24308 | Cross-site Scripting vulnerability in Lifterlms The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. | 3.5 |
2020-03-31 | CVE-2020-6008 | Unrestricted Upload of File with Dangerous Type vulnerability in Lifterlms LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution | 7.5 |
2019-09-10 | CVE-2019-15896 | Improper Privilege Management vulnerability in Lifterlms An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. | 7.5 |