Arbitrary File Write Vulnerability in LifterLMS WordPress Plugin
CVE-2020-6008

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Lifterlms WordPress Plugin
Vendor: CVE Published:; 31 March 2020

Summary

The LifterLMS WordPress plugin, specifically versions prior to 3.37.15, is susceptible to an arbitrary file write vulnerability. This flaw allows an attacker to write arbitrary files to the server, potentially leading to remote code execution. The exploitation of this vulnerability can grant unauthorized access and control over the affected systems, highlighting the importance of keeping software updated to mitigate such risks.

Affected Version(s)

LifterLMS Wordpress Plugin < 3.37.15

References

https://wordpress.org/plugins/lifterlms/#developers

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2020
Vulnerability Reserved
Jan 7, 2020