Description
WordPress Plugin Academy LMS-eLearning and online course solution for WordPress is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Academy LMS-eLearning and online course solution for WordPress version 1.9.19 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.9.20 or latest
References
Related Vulnerabilities
WordPress Plugin Advanced Booking Calendar SQL Injection (1.6.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1251)
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)
WordPress Plugin Elementor Pro Security Bypass (3.11.6)
Jboss EAP Improper Access Control Vulnerability (CVE-2013-4213)