Security researchers have identified several vulnerabilities in WordPress learning management system (LMS) plugins that can be exploited to break into the platform, steal test answers and alter grades. With the global pandemic, online education has become pivotal, and teachers, students, trainers and other educational entities are relying on it to continue their routines as usual.
Many educational websites run LifterLMS, LearnDash or LearnPress, managed by the institutions themselves. Around 100,000 websites actively use these plugins to run their online educational procedures. However, security researchers at Check Point have identified some pivotal vulnerabilities that could be exploited in the wild and have published a report today. In total, the researchers discovered four vulnerabilities that would allow hackers to steal personal information, alter payment models, modify grades, impersonate teachers, control tests and even design and modify certificates. The vulnerabilities could be exploited for remote code execution without authentication, allowing a malicious actor to take over the LMS platform.
LearnPress 3.2.6.7 and earlier versions are vulnerable to a SQL injection (CVE-2020-6010), which could have been mitigated by properly preparing SQL statements and sanitising the user inputs that reach them. The second vulnerability, tracked as CVE-2020-6011, allows attackers to impersonate a teacher through elevated privileges, made possible by exploiting legacy code located within the solution.
In LearnDash versions lower than 3.1.6, the researchers found an unauthenticated second-order SQL injection (CVE-2020-6009) that is more difficult to exploit but could also have been prevented through prepared statements. Additionally, LifterLMS versions below 3.37.15 suffer from an arbitrary file write, tracked as CVE-2020-6008. The LifterLMS flaw could allow actors to execute remote code on the product's server.
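To illustrate the prepared-statement point behind both the LearnPress and LearnDash findings above, here is an added example (not code from LearnPress, LearnDash or Check Point) of the second-order pattern in a hypothetical WordPress LMS plugin, with the vulnerable read beside its fixed form. It assumes the standard WordPress `$wpdb` API and a hypothetical custom table `{$wpdb->prefix}lms_results` with `student_name`, `quiz_id` and `grade` columns.

```php
<?php
// Added illustration of a second-order SQL injection in a hypothetical WordPress
// LMS plugin (not real plugin code). Assumes WordPress's $wpdb and a hypothetical
// table {$wpdb->prefix}lms_results(student_name, quiz_id, grade).

// Step 1: the value is stored safely. $wpdb->update() escapes on the way in, so a
// display name like  O'Brien  (or anything hostile a user types) lands in the
// table intact, quotes and all.
function lms_save_student_name( int $user_id, string $display_name ) {
    global $wpdb;
    return $wpdb->update(
        $wpdb->users,
        array( 'display_name' => $display_name ), // data
        array( 'ID' => $user_id ),                // where
        array( '%s' ),                            // data format
        array( '%d' )                             // where format
    );
}

// VULNERABLE: the name is read back from the database and treated as trusted
// because it is "already in the database". It is spliced into the SQL string
// unescaped. The injection point is the earlier store; the trigger is this read.
function lms_grades_for_student_vulnerable( int $user_id ) {
    global $wpdb;
    $name = $wpdb->get_var( $wpdb->prepare(
        "SELECT display_name FROM {$wpdb->users} WHERE ID = %d", $user_id ) );
    $table = $wpdb->prefix . 'lms_results';
    return $wpdb->get_results(
        "SELECT quiz_id, grade FROM {$table} WHERE student_name = '{$name}'" );
}

// FIXED: every value that reaches SQL goes through $wpdb->prepare(), whether it
// came from the request or from a previous query. Keying the results table on the
// numeric user ID instead of a free-text name would remove the problem entirely.
function lms_grades_for_student_fixed( int $user_id ) {
    global $wpdb;
    $name = $wpdb->get_var( $wpdb->prepare(
        "SELECT display_name FROM {$wpdb->users} WHERE ID = %d", $user_id ) );
    $table = $wpdb->prefix . 'lms_results';
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT quiz_id, grade FROM {$table} WHERE student_name = %s", $name ) );
}
```

A code review or static check that flags any `$wpdb->get_results()`, `get_var()` or `query()` call whose argument is not wrapped in `$wpdb->prepare()` catches both first- and second-order cases, since the rule does not depend on where the value originated.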
The video below shows how the security researchers were able to exploit the flaws in the WordPress LMS plugins.
Check Point researchers had already informed the LMS development teams about the vulnerabilities, and the developers have fixed the issues in the latest updates. So if you are using these plugins, update them to the latest versions to keep your system, teachers and students secure. It is unbelievable that the hackers aren't letting go of even the education sector during this crisis.
Educational institutions need to build up the security of their online platforms and ensure those applications are updated periodically, so that they stay safe digitally during this crisis while still delivering their training and classes online.