Critical severity9.8NVD Advisory· Published Sep 10, 2019· Updated Jun 17, 2026
CVE-2019-15896
CVE-2019-15896
Description
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- LifterLMS/LifterLMS plugindescription
Patches
Vulnerability mechanics
References
3- blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-plugin/nvdExploitThird Party Advisory
- wpvulndb.com/vulnerabilities/9871nvdThird Party Advisory
- wordpress.org/plugins/lifterlms/nvdRelease Notes
News mentions
0No linked articles in our index yet.