CVE-2020-6008
CRITICAL EXPLOITEDLifterLMS < 3.37.15 - Unauthenticated Arbitrary File Write and Remote Code Execution
Title source: llmExploitation Summary
CVE-2020-6008 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution
References (1)
Core 1
Core References
Product, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/lifterlms/#developers
Scores
CVSS v3
9.8
EPSS
0.0378
EPSS Percentile
88.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-01-31
CWE
CWE-434
Status
published
Products (1)
lifterlms/lifterlms
< 3.37.15
Published
Mar 31, 2020
Tracked Since
Feb 18, 2026