Описание
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
Ссылки
- Product
- Third Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.1 (исключая)
cpe:2.3:a:themeum:tutor_lms:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 68%
0.00579
Низкий
7.3 High
CVSS3
8.2 High
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.3
github
больше 1 года назад
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
EPSS
Процентиль: 68%
0.00579
Низкий
7.3 High
CVSS3
8.2 High
CVSS3
Дефекты
CWE-862