Researchers Discover Multiple WordPress Security Exploits In Popular E-Learning Platforms
As the coronavirus pandemic continues around the world, everyone's lives have changed. The way we work and learn is significantly different now than it was only a few months ago as people shelter in place, and offices and schools around the globe have been forced to move to a distance model. Teaching from home has forced educational institutions everywhere to quickly move to online learning and to implement new systems to support the shift. Security researchers at Check Point Research decided to audit the security of several of the most popular Learning Management Systems (LMS) that are being used to deliver remote education for people of all ages.
The researchers say that most independent websites offering Learning Management Systems rely on WordPress, with three of the leading LMS plug-ins being LearnPress, LearnDash, and LifterLMS. Those three systems are installed on more than 100,000 different educational platforms such as the University of Florida, the University of Michigan, and the University of Washington. The team says that it wanted to see if a motivated student could take control of the educational institution's systems, get test answers, or change student grades.
In LearnPress, which is the second most popular LMS on the internet, the team did find a time-based blind SQL injection vulnerability, which they say is very trivial to identify and exploit. The teams says they were surprised to find this particular exploit, and while it is easy to spot, the vulnerability should not be underestimated as it has an impact on the system integrity that can result in the platform's takeover. A vulnerability that allowed a knowledgeable hacker to escalate privileges to become a teacher was discovered, but that was purged after a recent update.
LearnDash was also found to be vulnerable to a second-order SQL injection. The team says that crafting a specific SQL query could allow them to insert a malicious record into the system. LifterLMS was found to have a flaw that could allow a hacker to execute PHP code written in the user's first name field, effectively achieving code execution on the server. That could allow the user to steal personal information and allow the student to change grades, forge certificates, and escalate privileges to those of a teacher.
The security researchers say that they found a total of four vulnerabilities that allow students and sometimes even unauthenticated users to access sensitive information, steal personal records, and even take control of the LMS platforms. Anyone using these three LMS systems is urged upgrade to the latest versions that eliminate these security issues.