5.3
CVE-2024-10393
- EPSS 0.12%
- Veröffentlicht 21.11.2024 11:15:16
- Zuletzt bearbeitet 23.01.2025 17:04:21
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginTutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration
The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
Mögliche Gegenmaßnahme
Tutor LMS – eLearning and online course solution: Update to version 2.7.7, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Tutor LMS – eLearning and online course solution
Version
*-2.7.6
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.316 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.