{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1505", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-02-14T18:48:20.849Z", "datePublished": "2024-03-13T15:27:10.817Z", "dateUpdated": "2024-08-11T13:44:58.994Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-13T15:27:10.817Z"}, "affected": [{"vendor": "academylms", "product": "Academy LMS \u2013 eLearning and online course solution for WordPress", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.9.19", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Academy LMS \u2013 eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2024-02-21T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.307Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "kodezen", "product": "academy_lms", "cpes": ["cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.9.19", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-13T18:38:50.360070Z", "id": "CVE-2024-1505", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-11T13:44:58.994Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.307Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-13T18:38:50.360070Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*"], "vendor": "kodezen", "product": "academy_lms", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.9.19"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-11T13:44:55.713Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "academylms", "product": "Academy LMS \u2013 eLearning and online course solution for WordPress", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.9.19"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-02-21T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473"}], "descriptions": [{"lang": "en", "value": "The Academy LMS \u2013 eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-13T15:27:10.817Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1505", "state": "PUBLISHED", "dateUpdated": "2024-08-11T13:44:58.994Z", "dateReserved": "2024-02-14T18:48:20.849Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-03-13T15:27:10.817Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7AFAFC9F-C68B-49FA-9465-F7AE2395CD3B", "versionEndExcluding": "1.9.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Academy LMS \u2013 eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator."}, {"lang": "es", "value": "El complemento Academy LMS \u2013 eLearning and online course solution for WordPress para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.9.19 incluida. Esto se debe al complemento que permite metaactualizaciones arbitrarias del usuario a trav\u00e9s de la funci\u00f3n save_user_info(). Esto hace posible que atacantes autenticados, con permisos m\u00ednimos, como estudiantes, eleven su rol de usuario al de administrador."}], "id": "CVE-2024-1505", "lastModified": "2025-01-22T20:57:20.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-03-13T16:15:23.893", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}