CVE-2024-1505

{"id": "CVE-2024-1505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-03-13T16:15:23.893", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Academy LMS \u2013 eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator."}, {"lang": "es", "value": "El complemento Academy LMS \u2013 eLearning and online course solution for WordPress para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.9.19 incluida. Esto se debe al complemento que permite metaactualizaciones arbitrarias del usuario a trav\u00e9s de la funci\u00f3n save_user_info(). Esto hace posible que atacantes autenticados, con permisos m\u00ednimos, como estudiantes, eleven su rol de usuario al de administrador."}], "lastModified": "2025-01-22T20:57:20.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7AFAFC9F-C68B-49FA-9465-F7AE2395CD3B", "versionEndExcluding": "1.9.20"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}