Lucene search

WpvulndbWPVDB-ID:D77D30DC-FC36-48A1-95D9-FC8F6E4994BC

HistoryMay 15, 2024 - 12:00 a.m.

Tutor LMS < 2.7.1 - Missing Authorization

2024-05-1500:00:00

wpscan.com

tutor lms

wordpress

vulnerability

unauthorized access

data modification

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

39.1%

JSON

Description The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.

References

www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

39.1%

JSON

Related for WPVDB-ID:D77D30DC-FC36-48A1-95D9-FC8F6E4994BC