179 matches found
WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR
Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Date: 2021-05-17 Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR...
WordPress LifterLMS 4.21.1 Plugin - Access Other Student Grades/Answers via IDOR Vulnerability
Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR issue, allowing...
WordPress LifterLMS 4.21.1 Insecure Direct Object Reference
Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Date: 2021-05-17 Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR...
WordPress LifterLMS 4.21.0 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored and triggered in...
WordPress LifterLMS 4.21.0 Cross Site Scripting
Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored...
WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored...
CVE-2021-24308
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...
Cross site scripting
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...
CVE-2021-24308 LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...
CVE-2021-24308
CVE-2021-24308 affects WordPress plugin LifterLMS (LMS by LifterLMS) before version 4.21.1. The issue is a stored XSS in the State field of the Edit Profile page, where input is not properly sanitized when rendered in the About section, potentially allowing low-privilege users (e.g., students) to...
LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
The plugin was affected by an IDOR issue, allowing students to see other student answers and grades - Add 2 users with Student role for the scenario . - Create A course With a quiz I picked True or Flase question for my quiz - Set Enrol on Free for the ease of scenario - Enrol into the Course wit...
LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
The plugin was affected by an IDOR issue, allowing students to see other student answers and grades PoC - Add 2 users with Student role for the scenario . - Create A course With a quiz I picked True or Flase question for my quiz - Set Enrol on Free for the ease of scenario - Enrol into the...
WordPress LMS by LifterLMS plugin <= 4.21.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Amirmuhammad Vakili in WordPress LMS by LifterLMS plugin versions = 4.21.0. Solution Update the WordPress LMS by LifterLMS plugin to the latest available version at least 4.21.1...
LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout
The plugin did not properly sanitise the coupon code during checkout before outputting in back the error message in the page, leading to a reflected Cross-Site Scripting issue...
WordPress LifterLMS plugin <= 4.21.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ashish Jha Bluefire Redteam in WordPress LifterLMS plugin versions = 4.21.0. Solution Update the WordPress LifterLMS plugin to the latest available version at least 4.21.1...
LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users such as students to elevate their privilege via an XSS attack when an admin...
LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users such as students to elevate their privilege via an XSS attack when an admin...
LifterLMS Plugin for WordPress < 3.37.15 Arbitrary File Write
The WordPress LifterLMS Plugin installed on the remote host is affected by an arbitrary file write vulnerability that can allow the attackers to write and execute arbitrary PHP code on the server by changing their first name on their profile to PHP code. Note that the scanner has not tested for...
WordPress LifterLMS Plugin < 3.37.15 Arbitrary File Write Vulnerability
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress LifterLMS Plugin < 3.35.0 Unauthenticated Options Import Vulnerability
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...