WordPress plugin bugs for online courses let students cheat.

    Popular WordPress plugins for building Learning Management Systems (LMS) contain vulnerabilities that can be used to take over the platform, retrieve test answers and alter grades.

    These platforms have become the main tool for running courses. Teachers, professors and perhaps hundreds of thousands of students rely on them to keep education as close to normal as possible.

    Wide reach

    LearnPress, LearnDash and LifterLMS are installed on at least 100,000 websites between them. Some are run by accredited institutions such as schools, academies and universities (Florida, Washington, Michigan); others are used by companies for employee training (paid or free of charge).

    Check Point security researchers found the flaws while analysing the three WordPress plugins; some of them are more or less trivial to exploit. The technical details are in a report released today.

    In total, they identified four vulnerabilities that could be used to steal personal data (names, e-mail addresses, usernames, passwords), change payment methods, alter grades, forge certificates, obtain test answers in advance or gain teacher privileges.

    Some of the vulnerabilities can be exploited remotely without authentication, which means an unauthenticated remote attacker can take over the LMS platform.

    The vulnerabilities

    LearnPress, up to and including the last unpatched version, is vulnerable to a time-based blind SQL injection (CVE-2020-6010). The flaw is trivial to exploit and could have been avoided by properly sanitizing user input and using prepared SQL statements.

    Through this flaw, authenticated users can query the database for usernames and password hashes. Whether the hashes can be cracked depends on how strong the passwords are.

    Another flaw in the same plugin, tracked as CVE-2020-6011, lets an attacker escalate privileges and take on the role of teacher. It exists because legacy code that should have been removed is still shipped in the product.

    In LearnDash versions below 3.1.6, the researchers found an unauthenticated second-order SQL injection (CVE-2020-6009) that is harder to exploit but can likewise be prevented with prepared statements.
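    The two query patterns contrasted above, user input concatenated into SQL versus a prepared statement, as an added example that is not code from LearnPress, LearnDash or the Check Point report. It shows the second-order case: a display name is stored safely at registration, then trusted and pasted into a later query, where a UNION in the name reads every user's password hash out of the database. The table and column names, the sample users and the fake hashes are made up for the demo; it runs stand-alone with `php example.php` on an in-memory SQLite database through PDO (the pdo_sqlite extension). On MySQL the same unsafe concatenation also accepts a payload like `' AND SLEEP(5)-- `, which is the time-based blind variant described above; SQLite has no SLEEP(), so the demo leaks data instead.

```php
<?php
// Added example, not plugin code: second-order SQL injection and its fix.
// Runs on an in-memory SQLite database; names and data are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, display_name TEXT, role TEXT, pass_hash TEXT)');
$db->exec('CREATE TABLE grades (user_id INTEGER, course TEXT, grade INTEGER)');

// Registration stores the display name with a prepared statement, so this
// INSERT is safe on its own; the attacker's text is simply kept verbatim.
function register(PDO $db, string $name, string $role, string $hash): int
{
    $st = $db->prepare('INSERT INTO users (display_name, role, pass_hash) VALUES (?, ?, ?)');
    $st->execute([$name, $role, $hash]);
    return (int) $db->lastInsertId();
}

// VULNERABLE: the stored name is treated as trusted "because it came from
// the database" and concatenated into a second query. The attacker's input
// reaches the SQL parser one request later: a second-order injection.
function my_grades_vulnerable(PDO $db, int $userId): array
{
    $name = $db->query("SELECT display_name FROM users WHERE id = $userId")->fetchColumn();
    $sql  = "SELECT u.display_name, g.course, g.grade FROM grades g "
          . "JOIN users u ON u.id = g.user_id WHERE u.display_name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: every value, fresh or stored, is bound through a placeholder, so the
// name is only ever a string to the parser. In WordPress the equivalent is
// $wpdb->prepare("... WHERE display_name = %s", $name).
function my_grades_fixed(PDO $db, int $userId): array
{
    $st = $db->prepare('SELECT display_name FROM users WHERE id = ?');
    $st->execute([$userId]);
    $name = $st->fetchColumn();

    $st = $db->prepare('SELECT u.display_name, g.course, g.grade FROM grades g '
                     . 'JOIN users u ON u.id = g.user_id WHERE u.display_name = ?');
    $st->execute([$name]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data: a teacher, an honest student, and an attacker
// whose "name" closes the quoted literal and appends a UNION that pulls
// every user's password hash out of the users table.
$teacher  = register($db, 'Prof. Ada', 'teacher', '$P$BfakeHashForDemo1');
$student  = register($db, 'Bob', 'student', '$P$BfakeHashForDemo2');
$attacker = register($db, "x' UNION SELECT display_name, pass_hash, role FROM users -- ", 'student', '$P$BfakeHashForDemo3');
$db->exec("INSERT INTO grades VALUES ($student, 'Algebra', 91)");

$leaked = my_grades_vulnerable($db, $attacker);   // 3 rows: name, hash, role of every user
$safe   = my_grades_fixed($db, $attacker);        // 0 rows: nobody is literally named that

printf("vulnerable query returned %d rows, e.g. %s\n", count($leaked), json_encode($leaked[0]));
printf("prepared query returned %d rows\n", count($safe));
```

    The point of the fixed version is not the escaping of one field but the habit: a value that came out of the database is no more trustworthy than one that came out of a form, so it is bound through a placeholder every time it is reused.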

    While investigating LifterLMS, Check Point researchers Omri Herscovici and Sagi Tzadik found that versions below 3.37.15 suffer from an arbitrary file write (CVE-2020-6008).

    An attacker could exploit this vulnerability simply by putting malicious PHP code in their profile name. This may allow them to run the code on the server through the resulting web shell.
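    How a profile name turns into a web shell once it is written into a file that PHP executes, and a safe way to persist the same data, as an added example that is neither LifterLMS code nor the researchers' proof of concept. The file names, the field name and the temporary directory are made up for the demo; it runs stand-alone with `php example.php`. In a real deployment the dangerous file would sit under the web root, so the attacker triggers it with a plain HTTP request to its URL; here it is simply included to show the effect.

```php
<?php
// Added example, not plugin code: user data written into an executable file
// versus stored as JSON. Paths and the field name are constructed for the demo.

// VULNERABLE: user-controlled text is pasted into a file that PHP will
// execute. The quote in the name closes the string literal early, and
// everything after it is interpreted as code when the file is loaded.
function save_profile_vulnerable(string $dir, string $name): string
{
    $path = $dir . '/profile.php';
    file_put_contents($path, "<?php\n\$profile_name = '$name';\n");
    return $path;
}

// FIXED: never write user data into code. Persist it as JSON in a file the
// web server neither executes nor serves; json_encode escapes quotes and
// control bytes, and the loader checks the type on the way back in.
function save_profile_fixed(string $dir, string $name): string
{
    $path = $dir . '/profile.json';
    file_put_contents($path, json_encode(['name' => $name], JSON_THROW_ON_ERROR));
    return $path;
}

function load_profile_fixed(string $path): string
{
    $data = json_decode(file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
    return is_string($data['name'] ?? null) ? $data['name'] : '';
}

// Constructed attacker input: closes the string, runs a statement, then
// comments out the rest of the line so the file still parses.
$payload = "x'; \$GLOBALS['marker'] = 'attacker code ran'; //";
$dir = sys_get_temp_dir() . '/lms-demo-' . getmypid();
mkdir($dir);

$shell = save_profile_vulnerable($dir, $payload);
include $shell;                                   // sets $GLOBALS['marker']
echo "vulnerable: " . ($GLOBALS['marker'] ?? 'no code ran') . "\n";

$json = save_profile_fixed($dir, $payload);
echo "fixed: stored name is " . var_export(load_profile_fixed($json), true) . "\n";

unlink($shell);
unlink($json);
rmdir($dir);
```

    Escaping the quote would only narrow this particular payload; the durable fix is that profile data never reaches a file with a `.php` extension, or any other location the server will execute or serve.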

    In a video accompanying the report, the researchers show how they exploited the vulnerabilities they found in the three WordPress LMS plugins.

    Check Point informed the developers of the three plugins about the vulnerabilities, and the developers have released new versions that fix them. Administrators of sites running these plugins are strongly advised to install the updates.
