Description
WordPress Plugin LMS by LifterLMS-Online Course, Membership & Learning Management System for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access other students' grades and answers. Version 4.21.1 of the plugin is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 4.21.2 or the latest version.
References
https://sploitus.com/exploit?id=WPEX-ID:D45BB744-4A0D-4AF0-AA16-71F7E3EA6E00
https://plugins.svn.wordpress.org/lifterlms/trunk/readme.txt