Description
WordPress Plugin LearnPress-WordPress LMS is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change the role of all users to Instructor. WordPress Plugin LearnPress-WordPress LMS version 3.2.6.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.6.7 or latest
References
Related Vulnerabilities
WordPress Plugin EditorMonkey Remote File Upload (2.5)
WordPress Plugin AdPlugg WordPress Ad Cross-Site Scripting (1.1.33)
WordPress Plugin Woo Import Export Arbitrary File Deletion (1.0)
WordPress Plugin DW Question & Answer Cross-Site Request Forgery (1.5.7)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17571)