Lucene search

[email protected]NVD:CVE-2020-8615

HistoryFeb 04, 2020 - 8:15 p.m.

CVE-2020-8615

2020-02-0420:15:14

CWE-352

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.009 Low

EPSS

Percentile

82.5%

JSON

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).

Affected configurations

NVD

Node

themeumtutor_lmsRange<1.5.3wordpress

References

packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html

wpvulndb.com/vulnerabilities/10058

www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/

www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/

www.themeum.com/tutor-lms-updated-v1-5-3/

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.009 Low

EPSS

Percentile

82.5%

JSON

Related for NVD:CVE-2020-8615

wpvulndb1 checkpoint_advisories1 packetstorm1 zdt1 exploitpack1 prion1 osv1 cvelist1 wpexploit1 nuclei1 cve1 exploitdb1