Описание
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-11511
- https://cwe.mitre.org/data/definitions/862.html
- https://wordpress.org/plugins/learnpress/#developers
- https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress
- http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html
Связанные уязвимости
CVSS3: 8.1
nvd
больше 4 лет назад
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.