2 matches found
CVE-2023-6160
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybeserveexport function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read t...
CVE-2023-6160
The CVE-2023-6160 issue affects the LifterLMS WordPress plugin (versions up to 7.4.2). The root cause is a Directory Traversal in the maybe_serve_export function, allowing authenticated users with administrator or LMS manager access to read arbitrary server CSV files and to remove those files. Ex...