Vulnerability Description
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lifterlms | Lifterlms | <= 3.34.5 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-ExploitThird Party Advisory
- https://wordpress.org/plugins/lifterlms/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9871Third Party Advisory
- https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-ExploitThird Party Advisory
- https://wordpress.org/plugins/lifterlms/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9871Third Party Advisory
FAQ
What is CVE-2019-15896?
CVE-2019-15896 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnera...
How severe is CVE-2019-15896?
CVE-2019-15896 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-15896?
Check the references section above for vendor advisories and patch information. Affected products include: Lifterlms Lifterlms.