{“lastseen”:””,”description”:”The LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user’s identity prior to allowing them to modify their own role via the REST API. The permission check in the update_item_permissions_check() function returns true when a user updates their own account without verifying the role changes. This makes it possible for authenticated attackers, with student-level access and above, to escalate their privileges to administrator by updating their own roles array via a crafted REST API request. Another endpoint intended for instructors also provides an attack vector. Affected version ranges are 3.5.3-3.41.2, 4.0.0-4.21.3, 5.0.0-5.10.0, 6.0.0-6.11.0, 7.0.0-7.8.7, 8.0.0-8.0.7, 9.0.0-9.0.7, 9.1.0.”,”published”:”2025-11-13T03:27:39.431Z”,”modified”:”2025-11-13T03:27:39.431Z”,”type”:”cve”,”title”:”LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes – Various Versions – Authenticated (Student+) Privilege Escalation”,”source”:”Wordfence”,”references”:”https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc13d13c-6b79-4bf1-8e77-c8cb836dc0c5?source=cve\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/lifterlms\/trunk\/libraries\/lifterlms-rest\/includes\/server\/class-llms-rest-students-controller.php#L386\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/lifterlms\/trunk\/libraries\/lifterlms-rest\/includes\/abstracts\/class-llms-rest-users-controller.php#L721\\nhttps:\/\/plugins.trac.wordpress.org\/changeset?sfp_email=\\u0026sfph_mail=\\u0026reponame=\\u0026new=3393703%40lifterlms%2Ftrunk\\u0026old=3388956%40lifterlms%2Ftrunk\\u0026sfp_email=\\u0026sfph_mail=”,”id”:”CVE-2025-11923″,”bulletinFamily”:””,”cwe”:[“CWE-269″],”cvelist”:null,”sourceData”:”chrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 3.5.3\\nchrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 4.0.0\\nchrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 5.0.0\\nchrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 6.0.0\\nchrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 7.0.0\\nchrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 8.0.0\\nchrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 9.0.0\\nchrisbadgett LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes 9.1.0″,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes”,”version”:”3.5.3″,”vendor”:”chrisbadgett”,”ai_description”:”Privilege escalation vulnerability in LifterLMS plugin due to insufficient validation of user identity via REST API”,”ai_severity”:”High”,”ai_vendor”:”chrisbadgett”,”ai_product”:”LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes”,”ai_version”:”3.5.3-3.41.2, 4.0.0-4.21.3, 5.0.0-5.10.0, 6.0.0-6.11.0, 7.0.0-7.8.7, 8.0.0-8.0.7, 9.0.0-9.0.7, 9.1.0″,”ai_score”:8.8}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The LifterLMS \u2013 WP LMS for eLearning, Online Courses, \\u0026 Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,41,12,15,13,7,11,5],"class_list":["post-26091","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n