Common Vulnerabilities and Exposures

CVE vulnerability data CVE-2021-24184

CVE-2021-24184

Summary

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.

References

Vulnerable Configurations

  • cpe:2.3:a:themeum:tutor_lms:1.0.0:-:*:*:*:wordpress:*:*
  • cpe:2.3:a:themeum:tutor_lms:1.0.0:alpha:*:*:*:wordpress:*:*

Access

Vector Complexity Authentication
NETWORK LOW SINGLE

Impact

Confidentiality Integrity Availability
PARTIAL PARTIAL PARTIAL

Exploitability v3.1

Attack Complexity Attack vector Privileges Required Scope User Interaction
LOW NETWORK LOW UNCHANGED NONE

Impact v3.1

Confidentiality Integrity Availability
HIGH HIGH HIGH
Related Articles