cleantalk
Vulnerabilities and Security Researches

LifterLMS – WordPress LMS Plugin for eLearning, CVE-2019-15896

CVE, Research URL

CVE-2019-15896

Home page URL

Security reports for LifterLMS – WordPress LMS Plugin for eLearning

Application

LifterLMS – WordPress LMS Plugin for eLearning

Published on
Sep 10, 2019
Research Description
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
Affected versions
Min -, max 4.21.1.
Status
vulnerable
Previous vulnerability researches
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2024-31363) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2019-15896) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24562) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24308) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2020-6008) , Jun 07, 2024
New vulnerability
Estatik Mortgage Calculator (CVE-2025-48136) , May 18, 2025
EventON (CVE-2025-48116) , May 18, 2025
Import Export For WooCommerce (CVE-2025-48144) , May 18, 2025
ValidateCertify – Free (CVE-2025-48115) , May 18, 2025
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2025-3201) , May 18, 2025