Directory Traversal Vulnerability in LifterLMS WordPress Plugin
CVE-2023-6160

3.3LOW

Key Information:

Vendor: Wordpress
Status: Lifterlms – WordPress Lms Plugin For Elearning
Vendor: CVE Published:; 22 November 2023

Summary

The LifterLMS plugin for WordPress is susceptible to a directory traversal vulnerability that can be exploited by authenticated users with administrator or LMS manager privileges. By leveraging the maybe_serve_export function, attackers can gain unauthorized access to read confidential CSV files stored on the server, which may contain sensitive information. Furthermore, this vulnerability also allows malicious actors to delete these files from the server, posing a significant risk to the integrity and confidentiality of data.

Affected Version(s)

LifterLMS – WordPress LMS Plugin for eLearning * <= 7.4.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2989461/

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Nov 15, 2023

Credit

Hüseyin TINTAŞ