cleantalk
Vulnerabilities and Security Researches

LifterLMS – WordPress LMS Plugin for eLearning, CVE-2025-2290

CVE, Research URL

CVE-2025-2290

Home page URL

Security reports for LifterLMS – WordPress LMS Plugin for eLearning

Application

LifterLMS – WordPress LMS Plugin for eLearning

Published on
Mar 19, 2025
Research Description
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to "Trash" for every published post, therefore limiting the availability of the website's content.
Affected versions
Min -, max 8.0.2.
Status
vulnerable
Previous vulnerability researches
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2024-31363) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2019-15896) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24562) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2021-24308) , Jun 07, 2024
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2020-6008) , Jun 07, 2024
New vulnerability
RS WP Book ShowCase – WordPress Book Gallery Plugin (Book Slider, Book Carousel, Book Grid, Book List)) (CVE-2025-48119) , May 18, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-48079) , May 18, 2025
Estatik Mortgage Calculator (CVE-2025-48136) , May 18, 2025
EventON (CVE-2025-48116) , May 18, 2025
Import Export For WooCommerce (CVE-2025-48144) , May 18, 2025