CVE-2025-2290

Name of the Vulnerable Software and Affected Versions LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress versions up to, and including, 8.0.1

Description The issue is related to Unauthenticated Post Trashing due to a missing capability check on the delete access plan function and related AJAX calls. This allows unauthenticated attackers to change the status to "Trash" for every published post, limiting the availability of the website's content.

Recommendations For versions up to, and including, 8.0.1, update to a version higher than 8.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the delete access plan function and related AJAX calls until a patch is available.