PT-2021-9421 · WordPress · Learnpress

Ramuel Gall · Published 2021-07-27 · Updated 2022-12-09 · CVE-2020-11511

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: LearnPress plugin versions prior to 3.2.6.9 for WordPress

Description: The issue allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.

Recommendations: For versions prior to 3.2.6.9, update to version 3.2.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the accept-to-be-teacher action parameter until the update is applied.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-11511

Affected Products

Learnpress