CVE-2019-15896

Name of the Vulnerable Software and Affected Versions LifterLMS plugin versions prior to 3.35

Description An issue in the LifterLMS plugin allows for an unauthenticated options import, potentially leading to privilege escalation, including administrator account creation, website redirection, and stored XSS. This is due to a vulnerability in the upload import function within the class.llms.admin.import.php script.

Recommendations For versions prior to 3.35, update to version 3.35 or later to resolve the issue. As a temporary workaround, consider disabling the upload import function in the class.llms.admin.import.php script until a patch is available. Restrict access to the import functionality to minimize the risk of exploitation.