Threat Watch

Multiple Vulnerabilities Found in WordPress E-Learning Plugins

In a blog post yesterday, the security company Check Point Research detailed multiple vulnerabilities in three WordPress LMS (Learning Management System) plugins. According to Check Point, LearnPress, LearnDash and LifterLMS “are installed on more than 100,000 different educational platforms and include universities such as the University of Florida, University of Michigan, University of Washington as well as hundreds of online academies.” In total, Check Point reported four vulnerabilities across the three plugins, with the affected version ranges shown below:

  • LearnPress <= 3.2.6.7
    • CVE-2020-6010: SQL Injection
    • CVE-2020-11511: Privilege Escalation
  • LearnDash < 3.1.6
    • CVE-2020-6009: Unauthenticated Second-Order SQL Injection
  • LifterLMS < 3.37.15
    • CVE-2020-6008: Arbitrary File Write

ANALYST NOTES

Not only could the vulnerabilities be abused to change grades or retrieve test answers early, they could also be used to steal information on registered users and modify payment information. Binary Defense highly recommends that administrators of these platforms upgrade immediately to a release outside the affected ranges listed above; note that for LearnPress the bound is inclusive, so 3.2.6.7 itself is affected. The latest versions of LearnPress and LifterLMS can be found on the official WordPress plugin site at https://wordpress.org/plugins/learnpress/ and https://wordpress.org/plugins/lifterlms/. LearnDash is not distributed through the WordPress plugin directory and must be obtained from https://www.learndash.com/.
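A quick way to confirm whether a site is on an affected release is to compare the installed plugin versions against the ranges listed above. The script below is an added example written for this bulletin; it is not code from Check Point or Binary Defense. It parses the JSON that WP-CLI's `wp plugin list --format=json` emits and flags any of the three plugins whose version falls inside the affected range, taking care to treat the LearnPress bound as inclusive and the other two as exclusive. The sample input is constructed, and the plugin slugs used (`learnpress`, `sfwd-lms` for LearnDash, `lifterlms`) are assumptions that should be confirmed against the `wp plugin list` output on your own host.

```python
"""Flag installed WordPress LMS plugins that fall inside the affected
version ranges from the Check Point report.

Input: JSON from `wp plugin list --format=json` (WP-CLI), read from stdin.
If stdin is a terminal, a constructed sample is used instead.
"""
import json
import re
import sys
from typing import Dict, List, Tuple

# Affected ranges as stated in the bulletin.
#   max_vulnerable: last affected release (inclusive bound, LearnPress <= 3.2.6.7)
#   first_fixed:    first safe release (exclusive bound, LearnDash < 3.1.6, LifterLMS < 3.37.15)
# Plugin slugs are an assumption here; verify them against `wp plugin list`.
AFFECTED: Dict[str, Dict[str, str]] = {
    "learnpress": {"max_vulnerable": "3.2.6.7"},
    "sfwd-lms": {"first_fixed": "3.1.6"},      # LearnDash
    "lifterlms": {"first_fixed": "3.37.15"},
}

# Constructed sample output, shaped like `wp plugin list --format=json`.
# Not captured from a real site.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "learnpress", "status": "active",   "update": "available", "version": "3.2.6.7"},
    {"name": "sfwd-lms",   "status": "active",   "update": "none",      "version": "3.1.6"},
    {"name": "lifterlms",  "status": "inactive", "update": "available", "version": "3.37.14"},
    {"name": "akismet",    "status": "active",   "update": "none",      "version": "4.1.4"},
])


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.2.6.7' into (3, 2, 6, 7) for tuple comparison.

    Only the leading digits of each dotted segment are used, so a suffix such
    as '-beta1' is dropped and a pre-release compares as its base version.
    A shorter tuple sorts before a longer one with the same prefix, which
    gives the expected result for e.g. 3.2.6 <= 3.2.6.7.
    """
    parts: List[int] = []
    for segment in version.strip().split("."):
        match = re.match(r"\d+", segment)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_vulnerable(slug: str, version: str) -> bool:
    """Return True if this slug/version pair is inside an affected range."""
    rule = AFFECTED.get(slug)
    if rule is None:
        return False
    installed = parse_version(version)
    if "max_vulnerable" in rule:
        # Inclusive bound: the listed version is itself affected.
        return installed <= parse_version(rule["max_vulnerable"])
    # Exclusive bound: the listed version is the first fixed release.
    return installed < parse_version(rule["first_fixed"])


def find_vulnerable(wp_plugin_list_json: str) -> List[Dict[str, str]]:
    """Parse `wp plugin list --format=json` output and return affected plugins.

    Inactive plugins are reported too: the vulnerable code is still on disk,
    and the page's advice is to upgrade regardless.
    """
    plugins = json.loads(wp_plugin_list_json)
    return [
        {"name": p["name"], "version": p["version"], "status": p.get("status", "")}
        for p in plugins
        if is_vulnerable(p.get("name", ""), p.get("version", ""))
    ]


if __name__ == "__main__":
    raw = SAMPLE_WP_PLUGIN_LIST if sys.stdin.isatty() else sys.stdin.read()
    hits = find_vulnerable(raw)
    if not hits:
        print("No affected LMS plugin versions found.")
    for hit in hits:
        print(f"AFFECTED: {hit['name']} {hit['version']} ({hit['status']})")
    sys.exit(1 if hits else 0)
```

On a live host this is run as `wp plugin list --format=json | python3 check_lms.py`; a non-zero exit makes it easy to wire into a scheduled job. Against the constructed sample it reports LearnPress 3.2.6.7 (inclusive bound) and LifterLMS 3.37.14, while LearnDash 3.1.6 is correctly treated as fixed.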

Source: https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins/