CVE-2023-6160

LOW

LifterLMS < 7.4.2 - Authenticated Path Traversal via maybe_serve_export Function

Title source: llm

Description

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server.

References (2)

Core 2

Core References

Third Party Advisory

https://plugins.trac.wordpress.org/changeset/2989461/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=cve

Scores

CVSS v3 3.3

EPSS 0.0082

EPSS Percentile 52.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

chrisbadgett/LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes < 7.4.2

lifterlms/lifterlms < 7.4.2

Published Nov 22, 2023

Tracked Since Feb 18, 2026