Experts found critical flaws in 3 popular e-Learning WordPress Plugins

Security researchers from Check Point Research Team discovered critical vulnerabilities in three popular e-learning plugins for WordPress sites.

Security researchers at Check Point Research Team are warning of recently discovered vulnerabilities in some popular online learning management system (LMS) WordPress plugins. The impact could be serious because several organizations and universities use these plugins on their WordPress sites to offer online training courses, especially during the COVID-19 pandemic.

The impacted WordPress plugins are LearnPress, LearnDash, and LifterLMS. The issues could be exploited by unauthenticated users to steal personal information of registered users or to achieve teacher privileges.

The 3 plugins are installed on more than 100,000 different educational platforms used by several universities, such as the University of Florida, University of Michigan, and University of Washington, as well as hundreds of online academies. LearnPress and LifterLMS have already been downloaded over 1.6 million times.

“Our approach was to see if a motivated student can accomplish the childhood dream of every hacker – take control of his educational institution, get test answers and even change students’ grades.” reads the post published by Check Point.

Experts discovered multiple issues in the LearnPress plugin, including a blind SQL injection (CVE-2020-6010) and privilege escalation (CVE-2020-6011), that could allow an existing user to achieve a teacher’s role.

The issues affect LearnPress plugin versions prior to 3.2.6.7.

“This vulnerability is a good example of legacy code forgotten behind resulting in a privilege escalation in the current design of the system.” reads the description for the CVE-2020-11511 flaw (Becoming a Teacher).

“The function learn_press_accept_become_a_teacher can be used to upgrade a registered user to a teacher role, resulting in a privilege escalation. Unexpectedly, the code doesn’t check the permissions of the requesting user, therefore letting any student call this function.”
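The missing permission check described in the quote above can be illustrated with an added example that is not LearnPress code and not taken from the Check Point report. The handler, role, nonce and meta-key names (all prefixed `lms_demo_`) are hypothetical; the WordPress functions called are the standard core ones.

```php
<?php
// Added example, not LearnPress code: every lms_demo_* name is hypothetical.

// Pattern the report describes: nothing checks who is making the request.
function lms_demo_accept_teacher_unsafe() {
    if ( empty( $_REQUEST['lms_demo_accept_teacher'] ) ) {
        return;
    }
    $user = new WP_User( absint( $_REQUEST['user_id'] ?? 0 ) );
    $user->set_role( 'lms_demo_teacher' ); // any caller reaches this line
}

// Hardened handler: authorize, verify intent, validate the target, then act.
function lms_demo_accept_teacher() {
    if ( empty( $_POST['lms_demo_accept_teacher'] ) ) {
        return;
    }
    // 1. Authorization: only accounts that may change roles can approve.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_die( 'Not allowed to approve teacher requests.', '', array( 'response' => 403 ) );
    }
    // 2. Intent: the request must carry a nonce issued for this action,
    //    so it cannot be triggered cross-site against a logged-in admin.
    check_admin_referer( 'lms_demo_accept_teacher' );
    // 3. Target: the user must exist and must have a pending request on file.
    $user_id = absint( $_POST['user_id'] ?? 0 );
    $user    = get_userdata( $user_id );
    if ( ! $user || ! get_user_meta( $user_id, '_lms_demo_teacher_request', true ) ) {
        wp_die( 'No pending teacher request for this user.', '', array( 'response' => 400 ) );
    }
    $user->set_role( 'lms_demo_teacher' );
    delete_user_meta( $user_id, '_lms_demo_teacher_request' );
}
add_action( 'admin_init', 'lms_demo_accept_teacher' ); // only the hardened handler is registered
```

When auditing a plugin for this class of bug, check that every handler calling `set_role()` or `add_role()` is preceded by a `current_user_can()` check on the requesting user.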

Experts also discovered a SQL injection flaw (CVE-2020-6009) in the LearnDash WordPress plugin that could be exploited to trigger fake course enrollment transactions by crafting a malicious SQL query using PayPal’s Instant Payment Notification (IPN) message service simulator.


The researchers also discovered an arbitrary file write vulnerability (CVE-2020-6008) in LifterLMS that could allow a student registered for a specific course to change their profile name using a malicious piece of PHP code.

“In total, we found 4 vulnerabilities that were assigned CVE-2020-6008, CVE-2020-6009 and CVE-2020-6010 and one duplicate CVE-2020-11511.” continues the report.

“These vulnerabilities allow students and sometimes even unauthenticated users to gain sensitive information, edit personal records, and even take control of the LMS platforms.”

The development teams behind the three LMS systems have already released patches to address the issues.

Due to the recent popularity of the E-Learning platforms, experts urge users to upgrade to the latest versions of these platforms:


Pierluigi Paganini
