CVE-2024-0377

Name of the Vulnerable Software and Affected Versions LifterLMS – WordPress LMS Plugin for eLearning versions up to, and including, 7.5.1

Description The issue allows unauthorized modification of data due to a missing capability check on the process review function. This enables unauthenticated attackers to publish an unrestricted number of reviews on the site.

Recommendations For versions up to, and including, 7.5.1, update to a version higher than 7.5.1 to resolve the issue. As a temporary workaround, consider disabling the process review function until a patch is available.