As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
"Three popular WordPress plug-ins for online learning have significant software vulnerabilities that could allow attackers to access student information, steal money from course creators, or escalate their privileges to become teachers, according to an advisory published by security firm Check Point Software Technologies.
Researchers from the company analyzed three popular plug-ins — used by tens of thousands of schools, companies, and websites — to provide online courses and quiz capabilities. They discovered critical issues in each platform, including SQL injection, cross-site scripting, and the unrestricted ability to upload files. The company notified the creators of the plug-ins and each has produced a patched version, which closes the vulnerabilities on up-to-date platforms."