CVE-2024-5784

NVD Published Date: August 30, 2024 at 04:15 AM
NVD Last Modified: September 03, 2024 at 02:48 PM
Vulnerability ID
CVE-2024-5784
Severity
MEDIUM
Severity Score
6.3
Summary
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized execution of administrative actions due to missing capability checks on multiple functions, such as treport_quiz_atttempt_delete and tutor_gc_class_action, in all versions up to and including 2.7.2. This makes it possible for authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments, posts or users, viewing notifications, etc.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE ID
CWE-862
