An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-10T15:28:25

Updated: 2024-08-05T01:03:32.605Z

Reserved: 2019-09-03T00:00:00

Link: CVE-2019-15896

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-09-10T16:15:12.477

Modified: 2024-11-21T04:29:41.300

Link: CVE-2019-15896

cve-icon Redhat

No data.