CVE-2020-8615

Опубликовано: 04 фев. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 2.6

EPSS Низкий

Описание

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).

Ссылки

http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://wpvulndb.com/vulnerabilities/10058
Third Party Advisory
https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
Third Party Advisory
https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/
Third Party Advisory
https://www.themeum.com/tutor-lms-updated-v1-5-3/
Release Notes
Vendor Advisory
http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://wpvulndb.com/vulnerabilities/10058
Third Party Advisory
https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
Third Party Advisory
https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/
Third Party Advisory
https://www.themeum.com/tutor-lms-updated-v1-5-3/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*

Версия до 1.5.3 (исключая)

EPSS

Процентиль: 91%

0.06895

Низкий

6.5 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-fc2p-p9fp-2rqf

github

больше 3 лет назад