Check Point uncovers flaws in online learning platforms

Researchers from Check Point have found serious vulnerabilities in the widely-used WordPress plugins that are used for large-scale online learning by top academic institutions and major businesses.

By exploiting the flaws in LearnPress, LearnDash and LifterLMS, students, as well as unauthenticated users, can abuse security flaws in order to steal personal information, siphon money and attain teacher privileges on the platform.

Check Point vulnerability research team leader, Omri Herscovici says, "Because of coronavirus, we're doing everything from our homes, including our formal learning. Students and employees logging into eLearning sites probably don't know just how dangerous that can be. We proved that hackers could easily take control of the entire eLearning platform. Top educational institutions, as well as many online academies, rely on the systems that we researched in order to run their entire online courses and training programs. The vulnerabilities found allow students, and sometimes even unauthenticated users, to gain sensitive information or take control of the LMS platforms. We urge the relevant educational establishments everywhere to check if they are using these plugins and update to the latest versions of them."

Researchers found the vulnerabilities over two weeks during March 2020. Check Point has responsibly disclosed each of the vulnerabilities in the respective platforms to the appropriate developers and all of the vulnerabilities have now been patched. Any IT teams running LMS platforms should check if they are using the affected plugins and update to the latest versions in order to close the vulnerabilities.

You can read more on the Check Point blog.

Image credit: maxkabakov/depositphotos.com