CVE-2020-8615

Published: Feb 4, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).

Affected (1)

Products: Themeum: Tutor Lms

Themeum

1 product

Tutor Lms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Themeum Tutor Lms	Before 1.5.3

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://wpvulndb.com/vulnerabilities/10058

Source: cve@mitre.org

Third Party Advisory

https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/

Source: cve@mitre.org

Third Party Advisory

https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/

Source: cve@mitre.org

Third Party Advisory

https://www.themeum.com/tutor-lms-updated-v1-5-3/

Source: cve@mitre.org

Release NotesVendor Advisory

http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html