Description
WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access other student grades/answers. WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes version 4.21.1 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 4.21.2 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:D45BB744-4A0D-4AF0-AA16-71F7E3EA6E00
https://plugins.svn.wordpress.org/lifterlms/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Portfolio Responsive Gallery SQL Injection (1.1.7)
Oracle Database Server CVE-2010-4423 Vulnerability (CVE-2010-4423)
MySQL CVE-2021-35632 Vulnerability (CVE-2021-35632)
WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Scripting (2.3.18)
WordPress Plugin verwei.se-WordPress-Twitter Cross-Site Scripting (1.0.2)