Vulmon
lifterlms lifterlms vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-24308
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin prior to 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a...
Lifterlms Lifterlms
7.5
CVSSv2
CVE-2020-6008
LifterLMS WordPress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution
Lifterlms Lifterlms
7.5
CVSSv2
CVE-2019-15896
An issue exists in the LifterLMS plugin up to and including 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creati...
Lifterlms Lifterlms
1 Github repository
4.3
CVSSv2
CVE-2022-1250
The LifterLMS PayPal WordPress plugin prior to 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
Lifterlms Lifterlms
NA
CVE-2023-6160
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager ac...
Lifterlms Lifterlms
5
CVSSv2
CVE-2021-24562
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin prior to 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades
Lifterlms Lifterlms
NA
CVE-2024-31363
Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a up to and including 7.5.0.
NA
CVE-2024-0377
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for un...