Thursday 30 April 2020


#elearning #wordpress #cyberattack #cybersecurity

During the COVID-19 lockdown, the use of e-learning platforms (learning management systems, LMS) increased significantly.
On Thursday the Check Point Research Team flagged that three WordPress plugins (LearnPress, LearnDash and LifterLMS) have vulnerabilities (CVE-2020-6008, CVE-2020-6009, CVE-2020-6010, and CVE-2020-6011) ranging from privilege escalation to remote code execution (RCE).
According to the team: "These vulnerabilities allow regular students and sometimes even unauthenticated users to gain sensitive information or take control of the LMS platforms".
These three plugins are installed on approximately 100,000 different educational platforms, including major universities such as the University of Florida, the University of Michigan, and the University of Washington.
Earlier this month, a cross-site scripting (XSS) vulnerability was discovered in OneTone (Magee WP WP Theme). This vulnerability allowed attackers to inject malicious code into the settings area of the theme, resulting in the creation of backdoor administrator accounts.
