Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses 3.2.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 14, 2023

The WP Courses LMS Online Courses Builder is a plugin for WordPress which is used to create and manage online courses. A vulnerability has been discovered in all versions of this plugin up to and including version 3.2.3. This vulnerability allows an unauthenticated attacker to perform certain actions such as adding, deleting or renaming lesson modules without authorization. This is possible because the plugin does not have validation for certain functions which are connected to AJAX in the ~/ajax/ajax-lesson-order.php file. To exploit this vulnerability, an attacker must be able to trick a site administrator into clicking a malicious link.

Detected in:

WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.