Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2024-1505
HistoryMar 13, 2024 - 4:15 p.m.

Privilege escalation

2024-03-1316:15:00
PRIOn knowledge base
www.prio-n.com
8
academy lms
wordpress plugin
privilege escalation
arbitrary user meta updates
authenticated attackers
minimal permissions

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.

Related

wordfence 2
cve 1
nvd 1
cvelist 1
wpvulndb 1
wordfence
wordfence
$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in Academy LMS WordPress Plugin
2024-02-21 20:11:37
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 19, 2024 to February 25, 2024)
2024-02-29 17:09:15
cve
cve
CVE-2024-1505
2024-03-13 16:15:23
nvd
nvd
CVE-2024-1505
2024-03-13 16:15:23
cvelist
cvelist
CVE-2024-1505
2024-03-13 15:27:10
wpvulndb
wpvulndb
Academy LMS – eLearning and online course solution for WordPress < 1.9.20 - Authenticated (Subscriber+) Privilege Escalation
2024-02-21 00:00:00

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for PRION:CVE-2024-1505
wordfence2cve1nvd1cvelist1wpvulndb1