Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts found critical flaws in 3 popular e-Learning WordPress Plugins

Security researchers from Check Point Research Team discovered critical vulnerabilities in three popular e-learning plugins for WordPress sites. Security researchers at Check Point Research Team are warning of recently discovered vulnerabilities in some popular online learning management system (LMS) WordPress plugins. The impact could be serious because these WordPress plugins are used for WordPress sites […]

e-learning WordPress plugin

Security researchers from Check Point Research Team discovered critical vulnerabilities in three popular e-learning plugins for WordPress sites.

Security researchers at Check Point Research Team are warning of recently discovered vulnerabilities in some popular online learning management system (LMS) WordPress plugins. The impact could be serious because these WordPress plugins are used for WordPress sites by several organizations and universities use to offer online training courses, especially during the COVID-19 pandemic.

The impacted WordPress plugins are LearnPressLearnDash, and LifterLMS, the issued could be exploited by unauthenticated users, to steal personal information of registered users to achieve teacher privileges.

The 3 plugins are installed on more than 100,000 different educational platforms used by several universities such as the University of Florida, University of Michigan, University of Washington as well as hundreds of online academies. LearnPress and LifterLMS have been already downloaded over 1.6 million times.

“Our approach was to see if a motivated student can accomplish the childhood dream of every hacker – take control of his educational institution, get test answers and even change students’ grades.” reads the post published by Check Point.

Experts discovered multiple issues in the LearnPress plugin, including a blind SQL injection (CVE-2020-6010) and privilege escalation (CVE-2020-6011), that could allow an existing user to achieve a teacher’s role.

The issued affects Vulnerable LearnPress plugin versions prior 3.2.6.7.

“This vulnerability is a good example of legacy code forgotten behind resulting in a privilege escalation in the current design of the system.” reads the description for the CVE-2020-11511 flaw (Becoming a Teacher).

“The function learn_press_accept_become_a_teacher can be used to upgrade a registered user to a teacher role, resulting in a privilege escalation. Unexpectedly, the code doesn’t check the permissions of the requesting user, therefore letting any student call this function.”

e-learning WordPress plugin

Experts also discovered a SQL injection flaw (CVE-2020-6009) in the LearnDash WordPress plugin that could be exploited to trigger fake course enrollment transactions by crafting a malicious SQL query using PayPal’s Instant Payment Notification (IPN) message service simulator.

The researchers also discovered an arbitrary file write vulnerability (CVE-2020-6008) in the LifterLMS, it could allow a student registered for a specific course, to change their profile name by using a malicious piece of PHP code.

“In total, we found 4 vulnerabilities that were assigned CVE-2020-6008, CVE-2020-6009 and CVE-2020-6010 and one duplicate CVE-2020-11511.” continues the report.

“These vulnerabilities allow students and sometimes even unauthenticated users to gain sensitive information, edit personal records, and even take control of the LMS platforms.”

The development teams behind the three LMS systems have already released patches to address the issues.

Due to the recent popularity of the E-Learning platforms, experts urge users to upgrade to the latest versions of these platforms:

Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Facebook, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]