Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8615: Cross-Site Request Forgery in Tutor LMS

Severity: 6.5 MEDIUM (NVD)
EPSS: 8.7% (top 7.53%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Feb 4
Latest update: May 24

Description

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

NVD: themeum/tutor_lms < 1.5.3

🔴 Vulnerability Details (2)

GHSA: GHSA-fc2p-p9fp-2rqf: A CSRF vulnerability in the Tutor LMS plugin before 1 (2022-05-24)
CVEList: CVE-2020-8615: A CSRF vulnerability in the Tutor LMS plugin before 1 (2020-02-04)

💥 Exploits & PoCs (2)

Exploit-DB: WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) (2020-03-02)
Nuclei: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery

💬 Community (1)

Bugzilla: CVE-2019-8615 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (2020-09-08)