Medium severity5.3NVD Advisory· Published Mar 13, 2024· Updated Apr 8, 2026

CVE-2024-0377

Description

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.

Affected products

Lifterlms/Lifterlms
cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*
Range: <7.5.2

Patches

6f75b491fd15

https://github.com/gocodebox/lifterlmsvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.phpnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.003
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000