The vulnerability of the tutor_delete_announcement() function in the Tutor LMS plugin for WordPress content management system allows a user to elevate their privileges.

🗓️ 30 Apr 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in tutor_delete_announcement() in Tutor LMS WordPress enables remote privilege escalation.

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress Plugin Tutor LMS 安全漏洞	21 Mar 202400:00	–	cnnvd
CVE	CVE-2024-1502	12 Mar 202423:33	–	cve
Cvelist	CVE-2024-1502 Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion	12 Mar 202423:33	–	cvelist
EUVD	EUVD-2024-17250	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1502	21 Mar 202402:51	–	nvd
Patchstack	WordPress Tutor LMS Plugin <= 2.6.1 is vulnerable to Broken Access Control	12 Mar 202400:00	–	patchstack
Positive Technologies	PT-2024-3143 · WordPress · Tutor Lms	14 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-1502	23 May 202508:21	–	redhatcve
Vulnrichment	CVE-2024-1502 Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion	12 Mar 202423:33	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)	21 Mar 202415:55	–	wordfence

Vulners

Node

wordpress tutor_lmsRange≤2.6.1

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tutor/tutor-lms-elearning-and-online-course-solution-261-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail

30 Apr 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 35.4

CVSS 25.5

EPSS0.00094

tutor delete announcement privilege escalation authentication flaws remote exploit tutor LMS plugin WordPress