cleantalk
Vulnerabilities and Security Researches

LifterLMS – WordPress LMS Plugin for eLearning, CVE-2024-12596

CVE, Research URL

CVE-2024-12596

Home page URL

Security reports for LifterLMS – WordPress LMS Plugin for eLearning

Application

LifterLMS – WordPress LMS Plugin for eLearning

Published on
Dec 18, 2024
Research Description
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.
Affected versions
Min -, max 7.8.6.
Status
vulnerable
Previous vulnerability researches
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2024-31363) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2019-15896) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24562) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24308) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2020-6008) , Jun 07, 2024
New vulnerability
Simple Lightbox (CVE-2025-3516) , May 18, 2025
RS WP Book ShowCase – WordPress Book Gallery Plugin (Book Slider, Book Carousel, Book Grid, Book List)) (CVE-2025-48119) , May 18, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-48079) , May 18, 2025
Estatik Mortgage Calculator (CVE-2025-48136) , May 18, 2025
EventON (CVE-2025-48116) , May 18, 2025