{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T19:09:25.858","vulnerabilities":[{"cve":{"id":"CVE-2023-6160","sourceIdentifier":"security@wordfence.com","published":"2023-11-22T16:15:15.810","lastModified":"2026-04-08T18:18:34.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server."},{"lang":"es","value":"El complemento LifterLMS – WordPress LMS Plugin para eLearning para WordPress es vulnerable a Directory Traversal en versiones hasta la 7.4.2 incluida a través de la función Maybe_serve_export. Esto hace posible que atacantes autenticados, con acceso de administrador o administrador LMS y superior, lean el contenido de archivos CSV arbitrarios en el servidor, que pueden contener información confidencial, además de eliminar esos archivos del servidor."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":0.7,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":5.5}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"7.4.2","matchCriteriaId":"DA640B5C-2E10-4409-8D4B-966EF9155497"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/2989461/","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/changeset/2989461/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}