CVE-2020-11511Missing Authorization in Learnpress

CWE-862Missing AuthorizationCWE-269Improper Privilege Management3 documents3 sources
Severity
8.1HIGHNVD
EPSS
2.8%
top 13.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Thimpress Learnpress
Timeline
PublishedJul 30
Latest updateMay 24

Description

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDthimpress/learnpress< 3.2.6.9

🔴Vulnerability Details

2
GHSA
GHSA-q66w-3fc8-f2mr: The LearnPress plugin before 32022-05-24
CVEList
CVE-2020-11511: The LearnPress plugin before 32021-07-27
CVE-2020-11511 — Missing Authorization in Learnpress | cvebase