cleantalk
Vulnerabilities and Security Researches

LifterLMS – WordPress LMS Plugin for eLearning, CVE-2024-0377

CVE, Research URL

CVE-2024-0377

Home page URL

Security reports for LifterLMS – WordPress LMS Plugin for eLearning

Application

LifterLMS – WordPress LMS Plugin for eLearning

Published on
Mar 13, 2024
Research Description
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.
Affected versions
Min -, max 7.5.2.
Status
vulnerable
Previous vulnerability researches
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2024-31363) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2019-15896) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24562) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24308) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2020-6008) , Jun 07, 2024
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025