Description
WordPress Plugin LMS by LifterLMS-Online Course, Membership & Learning Management System for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access other student grades/answers. WordPress Plugin LMS by LifterLMS-Online Course, Membership & Learning Management System for WordPress version 4.21.1 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 4.21.2 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:D45BB744-4A0D-4AF0-AA16-71F7E3EA6E00
https://plugins.svn.wordpress.org/lifterlms/trunk/readme.txt