WordPress Plugin Vulnerabilities

LifterLMS < 3.37.15 - Arbitrary File Writing

Description

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress WordPress plugin was affected by an Arbitrary File Writing security vulnerability.

Affects Plugins

Plugin icon
lifterlms
Fixed in 3.37.15

References

CVE
CVE-2020-6008
URL
https://plugins.trac.wordpress.org/changeset/2271040/lifterlms

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Omri Herscovici and Sagi Tzadik (Check Point Research)
Verified
No
WPVDB ID
ce17fb0c-5b7e-4aa1-a3c1-a5ebae406da9

Timeline

Publicly Published
2020-03-31 (about 5 years ago)
Added
2020-03-31 (about 5 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-05-14
Title
Insert or Embed Articulate Content into WordPress < 4.3000000025 - Author+ Upload to RCE
Published
2023-03-20
Title
JetEngine < 3.1.3.1 - Author+ Remote Code Execution
Published
2020-11-23
Title
Secure File Manager < 2.8.2 - Authenticated Remote Code Execution
Published
2014-05-11
Title
Formidable Forms Pro < 1.06.03 - Arbitrary File Upload via ofc_upload_image.php
Published
2025-07-01
Title
Custom Login And Signup Widget <= 1.0 - Authenticated (Administrator+) Remote Code Execution