Description
WordPress Plugin Academy LMS-eLearning and online course solution for WordPress is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently enroll in paid courses for free. WordPress Plugin Academy LMS-eLearning and online course solution for WordPress version 1.9.16 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.9.17 or latest
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2015-3175)
WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.0)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.9)
WordPress Plugin Smart Slider 3 PRO Cross-Site Scripting (3.5.0.8)
WordPress Plugin BackupBuddy Multiple Vulnerabilities (8.0.1.8)