
Cloud Vulnerability DB
A community-led vulnerabilities database
The LearnPress WordPress plugin before version 3.2.6.9 contained a privilege escalation vulnerability (CVE-2020-11511) that allowed remote attackers to escalate the privileges of any user to LP Instructor. The vulnerability was discovered in April 2020 and affected all versions of the plugin up to 3.2.6.8 (Wordfence, WPScan).
The root cause is a missing authorization check. The handler for the 'accept-to-be-teacher' action performed neither a capability check on the requesting user nor nonce verification, so nothing tied the caller's identity or intent to the role change the action triggers. The LP Instructor role carries the 'unfiltered_html' capability, which lets a user publish posts containing arbitrary HTML and JavaScript, so the promotion is a stepping stone to stored cross-site scripting. WPScan assigned the issue a CVSS score of 8.6 (High).
Exploitation is a single request to wp-admin/admin-post.php with the action parameter set to accept-to-be-teacher and the user_id parameter set to the target account; the plugin promotes that account to LP Instructor without checking who sent the request. An attacker who promotes an account under their control then holds unfiltered_html and can inject malicious JavaScript into posts (WPScan).
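As an added illustration, not LearnPress's own code and not the actual patch: two hypothetical admin-post handlers in PHP for an accept-to-be-teacher action. The first reproduces the class of bug described above, acting on whatever user_id arrives; the second adds the two missing checks, a nonce and a capability check, before any role change. The function names, the 'promote_users' capability, the nonce action string and the 'lp_teacher' role slug are assumptions chosen for the example; only the WordPress API calls (check_admin_referer, current_user_can, get_userdata, WP_User::set_role, the admin_post_{action} hook) are real.

```php
<?php
// Added example, not LearnPress's code. Function names, the capability,
// the nonce action string and the 'lp_teacher' role slug are assumptions.

// Vulnerable pattern: any request that reaches this handler promotes any user_id.
function example_accept_teacher_vulnerable() {
    $user_id = isset( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
    if ( ! $user_id ) {
        return;
    }
    // No nonce check and no capability check: the caller's identity is never
    // compared against what this action is allowed to do.
    $user = new WP_User( $user_id );
    $user->set_role( 'lp_teacher' ); // hypothetical slug for the LP Instructor role
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}

// Hardened pattern: verify the nonce, verify that the *current* user may
// promote others, validate the target, and only then touch roles.
function example_accept_teacher_hardened() {
    // 1. CSRF protection: the request must carry a nonce bound to this action.
    //    check_admin_referer() calls wp_die() when the nonce is missing or stale.
    check_admin_referer( 'example_accept_teacher' );

    // 2. Authorization: being logged in is not enough; the caller must hold a
    //    capability that implies the right to change other users' roles.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'example' ), 403 );
    }

    // 3. Input validation: the target must resolve to an existing user.
    $user_id = isset( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
    $user    = $user_id ? get_userdata( $user_id ) : false;
    if ( ! $user ) {
        wp_die( esc_html__( 'Invalid user.', 'example' ), 400 );
    }

    $user->set_role( 'lp_teacher' );
    wp_safe_redirect( add_query_arg( 'become-a-teacher-accepted', 'yes', admin_url( 'users.php' ) ) );
    exit;
}

// Register only the authenticated hook for a state-changing action; never the
// admin_post_nopriv_ variant. The link an administrator follows must embed the
// nonce, e.g.:
//   wp_nonce_url( admin_url( 'admin-post.php?action=accept-to-be-teacher&user_id=123' ),
//                 'example_accept_teacher' )
add_action( 'admin_post_accept-to-be-teacher', 'example_accept_teacher_hardened' );
```

The order of the checks matters: the nonce is verified first because it is cheap and defeats cross-site request forgery regardless of the caller's role, the capability check then decides authorization independently of authentication, and the target user is validated last so an invalid user_id never reaches set_role(). Requests arriving at admin-post.php are dispatched to the admin_post_{action} hook, which is why the action parameter alone selects the handler and why the handler itself must carry these checks.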
The vulnerability was patched in LearnPress version 3.2.6.9. Users are advised to update to this version or later to mitigate the risk (Wordfence).
The vulnerability was one of several critical bugs found in popular e-learning plugins for WordPress sites during early 2020, highlighting the increased importance of securing online learning platforms during the shift to remote education (Hacker News).
Source: This report was generated using AI