The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges. The plugins have been installed on more than 130,000 school websites, including those used by the University of Florida, University of Michigan and University of Washington. The flaws range in seriousness and impact, but could allow third-party attackers to steal personal information (such as names, emails, usernames and passwords) or target the financial payment methods tied to the platforms.
Source: https://threatpost.com/critical-wordpress-e-learning-plugin-bugs-cheating/155290/