← Retour aux CVEs

CVE-2019-15896

CRITICAL

9.8

Description

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie9/10/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

lifterlms:lifterlms

Faiblesses (CWE)

CWE-306

References

https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-plugin/(cve@mitre.org)

https://wordpress.org/plugins/lifterlms/#developers(cve@mitre.org)

https://wpvulndb.com/vulnerabilities/9871(cve@mitre.org)

https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-plugin/(af854a3a-2127-422b-91ae-364da2661108)

https://wordpress.org/plugins/lifterlms/#developers(af854a3a-2127-422b-91ae-364da2661108)

https://wpvulndb.com/vulnerabilities/9871(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.