Description
WordPress Plugin LearnPress-WordPress LMS is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change the role of all users to Instructor. WordPress Plugin LearnPress-WordPress LMS version 3.2.6.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.6.7 or latest
References
Related Vulnerabilities
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-17359)
WordPress Plugin WPtouch Cross-Site Scripting (3.7.5.3)
WordPress Plugin Link Library 'searchll' Parameter SQL Injection (5.2.1)
WordPress Plugin Easy Google Analytics for WordPress Cross-Site Request Forgery (1.6.0)