← Volver a CVEs
CVE-2021-24184
HIGH8.8
Descripcion
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/5/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
themeum:tutor_lms
Debilidades (CWE)
CWE-862CWE-862
Referencias
https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e(contact@wpscan.com)
https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/(contact@wpscan.com)
https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e(af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.