2 matches found
WordPress LifterLMS plugin <= Various versions - Authenticated (Student+) Privilege Escalation vulnerability
Authenticated Student+ Privilege Escalation vulnerability discovered by shark3y in WordPress Plugin LifterLMS versions 9.1.0...
CVE-2025-11923 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...