exploitDog

CVE-2024-4223

Опубликовано: 16 мая 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.

Ссылки

https://plugins.trac.wordpress.org/changeset/3086489/
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3086489/
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*

Версия до 2.7.1 (исключая)

EPSS

Процентиль: 84%

0.02228

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-xmv2-92jh-84fp

CVSS3: 9.8

github

больше 1 года назад

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.

EPSS

Процентиль: 84%

0.02228

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-862