CVE-2024-4351 - Vulnerability Details - OpenCVE

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Themeum	Tutor Lms

Configuration 1 [-]

cpe:2.3:a:themeum:tutor_lms:*:*:*:*:pro:wordpress:*:*

No data.

References

Link	Providers
https://www.themeum.com/product/tutor-lms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve

History

Wed, 22 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Themeum Themeum tutor Lms
Weaknesses		CWE-862
CPEs		cpe:2.3:a:themeum:tutor_lms:::::pro:wordpress::
Vendors & Products		Themeum Themeum tutor Lms

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-05-16T09:32:11.196Z

Updated: 2024-08-01T20:40:46.463Z

Reserved: 2024-04-30T15:42:23.426Z

Link: CVE-2024-4351

Vulnrichment

Updated: 2024-08-01T20:40:46.463Z

NVD

Status : Analyzed

Published: 2024-05-16T10:15:09.890

Modified: 2025-01-22T18:23:35.573

Link: CVE-2024-4351

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4351", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-30T15:42:23.426Z", "datePublished": "2024-05-16T09:32:11.196Z", "dateUpdated": "2024-08-01T20:40:46.463Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-16T09:32:11.196Z"}, "affected": [{"vendor": "themium", "product": "Tutor LMS Pro", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.7.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account."}], "title": "Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve"}, {"url": "https://www.themeum.com/product/tutor-lms/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Villu Orav"}], "timeline": [{"time": "2024-05-15T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-24T18:27:03.219634Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*"], "vendor": "themeum", "product": "tutor_lms", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.7.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:53:49.918Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:46.463Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve", "tags": ["x_transferred"]}, {"url": "https://www.themeum.com/product/tutor-lms/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve", "tags": ["x_transferred"]}, {"url": "https://www.themeum.com/product/tutor-lms/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:46.463Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-24T18:27:03.219634Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*"], "vendor": "themeum", "product": "tutor_lms", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.7.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-24T18:28:05.639Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Villu Orav"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "themium", "product": "Tutor LMS Pro", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.7.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-05-15T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve"}, {"url": "https://www.themeum.com/product/tutor-lms/"}], "descriptions": [{"lang": "en", "value": "The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-16T09:32:11.196Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4351", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:40:46.463Z", "dateReserved": "2024-04-30T15:42:23.426Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-16T09:32:11.196Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:pro:wordpress:*:*", "matchCriteriaId": "887F64DA-F70D-4111-BE6A-4F908EB59A00", "versionEndExcluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account."}, {"lang": "es", "value": "El complemento Tutor LMS Pro para WordPress es vulnerable al acceso no autorizado a los datos, la modificaci\u00f3n de los datos y la p\u00e9rdida de datos debido a la falta de verificaci\u00f3n de la funci\u00f3n \"autenticaci\u00f3n\" en todas las versiones hasta la 2.7.0 incluida. Esto permite que atacantes autenticados, con permisos de nivel de suscriptor o superior, obtengan el control de una cuenta de administrador existente."}], "id": "CVE-2024-4351", "lastModified": "2025-01-22T18:23:35.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-16T10:15:09.890", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://www.themeum.com/product/tutor-lms/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.themeum.com/product/tutor-lms/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}