Plugin icon

LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes

lifterlms

Vulnerabilities:

15

Last Updated:

February 3, 2026

Active Installs:

10000

Published
Title
Fixed in
CVSS
Published
2025-11-12
Title
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation
Fixed in
Fixed in 9.1.1
CVSS
8.8 (high)
Published
2025-07-01
Title
LifterLMS < 8.0.7 - Unauthenticated SQL Injection
Fixed in
Fixed in 8.0.7
CVSS
7.5 (high)
Published
2025-03-18
Title
LifterLMS < 8.0.2 - Missing Authorization to Unauthenticated Post Trashing
Fixed in
Fixed in 8.0.2
CVSS
5.3 (medium)
Published
2024-12-17
Title
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes < 7.8.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Fixed in
Fixed in 7.8.6
CVSS
4.3 (medium)
Published
2024-12-08
Title
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes < 8.0.1 - Reflected XSS
Fixed in
Fixed in 8.0.1
CVSS
7.1 (high)
Published
2024-09-05
Title
LifterLMS < 7.7.6 - Authenticated (Admin+) SQL Injection
Fixed in
Fixed in 7.7.6
CVSS
7.2 (high)
Published
2024-06-04
Title
LifterLMS – WordPress LMS Plugin for eLearning < 7.6.3 - Authenticated (Contributor+) SQL Injection via Shortcode
Fixed in
Fixed in 7.6.3
CVSS
9.8 (critical)
Published
2024-04-08
Title
LifterLMS < 7.5.1 - Cross-Site Request Forgery
Fixed in
Fixed in 7.5.1
CVSS
4.3 (medium)
Published
2024-02-27
Title
LifterLMS – WordPress LMS Plugin for eLearning < 7.5.2 - Missing Authorization via process_review
Fixed in
Fixed in 7.5.2
CVSS
5.3 (medium)
Published
2023-11-05
Title
LifterLMS < 7.5.0 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion
Fixed in
Fixed in 7.5.0
CVSS
3.3 (low)
Published
2021-05-17
Title
LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
Fixed in
Fixed in 4.21.2
CVSS
4.3 (medium)
Published
2021-05-10
Title
LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
Fixed in
Fixed in 4.21.1
CVSS
7.4 (high)
Published
2021-05-10
Title
LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout
Fixed in
Fixed in 4.21.1
CVSS
6.1 (medium)
Published
2020-03-31
Title
LifterLMS < 3.37.15 - Arbitrary File Writing
Fixed in
Fixed in 3.37.15
CVSS
9.8 (critical)
Published
2019-09-09
Title
LifterLMS < 3.35.1 - Unauthenticated Options Import
Fixed in
Fixed in 3.35.1
CVSS
9.8 (critical)