WordPress security flaws hit online learning platforms

Person working on a WordPress post
(Image credit: Pixabay)

Researchers have revealed worrying security flaws in three leading WordPress plugins - LearnPress, LearnDash and LifterLMS - deployed by top academic institutions and Fortune 500 companies for delivering remote learning sessions.

According to Check Point Research, these plugins, which help convert a website to a full-fledged online Learning Management System, can be hit by serious vulnerabilities like Remote Code Execution and SQL Injection that can be used to steal personal data, make changes to the account privileges, siphon off money and more.

These flaws were discovered during a two-week timeframe in March  and have been patched by the platforms once reported by the researchers.  

LMS plugin vulnerability

Due to the coronavirus lockdown, most educational institutions have set up online classrooms to ensure studies are not impacted. While several organisations have opted for virtual classroom sessions via video-conferencing tools like Microsoft Teams or Zoom, many others use online learning platforms to conduct regular classes.

Top colleges and universities like the University of Florida, University of Michigan, University of Washington, are among 100,000 different educational institutes that use either of the three vulnerable plugins on their websites.

“We proved that hackers could easily take control of the entire eLearning platform. Top educational institutions, as well as many online academies, rely on the systems that we researched in order to run their entire online courses and training programs," Check Point researcher Omri Herscovici said.

“The detected vulnerabilities allow students, and sometimes even unauthenticated users, to gain sensitive information or take control of the LMS platforms. We urge the relevant educational establishments everywhere to check if they are using these plugins and update to the latest versions of them,” he added.

It was revealed that virtually anyone could exploit the flaws found in these plugins allowing them to easily change their or their peers' grades, forge certificates, retrieve test answers apart from stealing user data or transferring money to unauthorised accounts.

To ensure the security of accounts, experts have advised the institutes to use the updated versions of these plugins.

TOPICS
Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  

Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Latest in News
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound