3 matches found
WordPress Plugin 'LifterLMS' < 3.37.15 Arbitrary File Write
The WordPress application running on the remote host has a version of the 'LifterLMS' plugin that is prior to 3.37.15 and, thus, is affected by an arbitrary file write vulnerability that can allow the attackers to write and execute arbitrary PHP code on the server by changing their first name on...
CVE-2020-6008
LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution...
CVE-2020-6008
CVE-2020-6008 affects the WordPress LifterLMS plugin prior to 3.37.15. The vulnerability is an arbitrary file write that can lead to remote code execution; attackers could write and execute PHP code by manipulating a user’s first name. Public sources (NVD/Nessus-based findings) describe the affec...