Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1250 | 1 Lifterlms | 1 Lifterlms | 2022-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-24562 | 1 Lifterlms | 1 Lifterlms | 2021-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades | |||||
| CVE-2019-15896 | 1 Lifterlms | 1 Lifterlms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS. | |||||
| CVE-2021-24308 | 1 Lifterlms | 1 Lifterlms | 2021-06-03 | 3.5 LOW | 5.4 MEDIUM |
| The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users (such as students) to elevate their privilege via an XSS attack when an admin will view their profile. | |||||
| CVE-2020-6008 | 1 Lifterlms | 1 Lifterlms | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution | |||||