CNNVD-202511-1672 Information
CNNVD ID
CNNVD-202511-1672
Related CVE
- CNNVD Published: 2025-11-13
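Description (translated from Chinese)
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform provides the ability to set up personal blog sites on servers based on PHP and MySQL. WordPress plugin is an application plugin. The WordPress plugin LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes has a security vulnerability that stems from a failure to properly verify user identity, which may lead to privilege escalation. The following versions are affected: 3.5.3 through 3.41.2, 4.0.0 through 4.21.3, 5.0.0 through 5.10.0, 6.0.0 through 6.11.0, 7.0.0 through 7.8.7, 8.0.0 through 8.0.7, 9.0.0 through 9.0.7, and 9.1.0.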
Description (English)
WordPress and WordPress plugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL-based servers. WordPress plugin is an application plugin. The WordPress plugin LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes has a security vulnerability that originates from improper authentication of user identity and may lead to privilege escalation. The following versions are affected: 3.5.3 to 3.41.2, 4.0.0 to 4.21.3, 5.0.0 to 5.10.0, 6.0.0 to 6.11.0, 7.0.0 to 7.8.7, 8.0.0 to 8.0.7, 9.0.0 to 9.0.7, and 9.1.0.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
WordPress
Published
2025-11-13
Last Modified
2026-02-24
References
https://plugins.trac.wordpress.org/browser/lifterlms/trunk/libraries/lifterlms-rest/includes/abstracts/class-llms-rest-users-controller.php#L721
https://plugins.trac.wordpress.org/browser/lifterlms/trunk/libraries/lifterlms-rest/includes/server/class-llms-rest-students-controller.php#L386
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3393703%40lifterlms%2Ftrunk&old=3388956%40lifterlms%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc13d13c-6b79-4bf1-8e77-c8cb836dc0c5?source=cve
Patch
https://wordpress.org/plugins/lifterlms