Description
WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access other students' grades and answers. Version 4.21.1 of the plugin is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 4.21.2 or the latest version.
References
https://sploitus.com/exploit?id=WPEX-ID:D45BB744-4A0D-4AF0-AA16-71F7E3EA6E00
https://plugins.svn.wordpress.org/lifterlms/trunk/readme.txt