Unauthenticated Options Import Vulnerability in LifterLMS Plugin for WordPress

Unauthenticated Options Import Vulnerability in LifterLMS Plugin for WordPress

CVE-2019-15896 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.

Learn more about our Wordpress Pen Testing.