ThreatPress

WordPress Vulnerabilities Database

Back

WordPress LifterLMS plugin <= 3.34.5 - Unauthenticated Options Import vulnerability

Product
LifterLMS
Description
Unauthenticated Options Import vulnerability found by Jerome Bruandet (Nintechnet) in WordPress LifterLMS plugin (versions <= 3.34.5).
Solution
Update the WordPress LifterLMS plugin to the latest available version (at least 3.35.1).
Classification
Type Unknown
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-2019-15896
Versions
Affected In <= 3.34.5
Fixed In 3.35.1
Disclosure date
2019-09-09
Credits
Jerome Bruandet (Nintechnet)
Submitter
ThreatPress