Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Lenxel Core for Lenxel(LNX) LMS 1.1

  • Severity: medium-risk
  • Status: Open
  • Publication: November 8, 2024

The Lenxel Core plugin for WordPress, used for Lenxel(LNX) LMS, has a security issue that allows hackers to inject harmful code through SVG file uploads. This can happen in all versions up to 1.1 because the plugin does not properly filter and protect user input. As a result, attackers with Author-level access or higher can add their own code to pages, which will run when a user opens the SVG file.

Detected in:

Lenxel Core – The Ultimate WordPress LMS Plugin: Create Engaging AI Course Modules and AI Course Lessons Automatically fixed vulnerable versions:
Lenxel Core AI LMS – The Ultimate WordPress LMS Plugin: Create Engaging AI Course Modules and AI Course Lessons Automatically fixed vulnerable versions:
Lenxel Core for Lenxel(LNX) LMS open vulnerable versions: >= * <= 1.2.3

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.