LifterLMS < 7.5.0 – Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion | CVE 2023-6160 | Plugin Vulnerabilities

Description

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server.

Affects Plugins

Fixed in 7.5.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/6d0fcd82-6d4a-454f-8056-a896e8d41d00

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Hüseyin TINTAŞ

Verified

No

WPVDB ID

7b253011-9af7-4ad7-956a-bfa298adabf8

Timeline

Publicly Published

2023-11-05 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2014-12-07

Title

ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)

Published

2023-12-26

Title

Store Locator WordPress < 1.4.15 - Admin+ Arbitrary File Deletion

Published

2026-03-19

Title

ilGhera Carta Docente for WooCommerce < 1.5.1 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter

Published

2015-05-19

Title

Simple Backup <= 2.7.10 - Arbitrary File Download

Published

2025-10-24

Title

Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings < 8.4.9 - Authenticated (Subscriber+) Arbitrary File Move