nvd-json-data-feeds/CVE-2021/CVE-2021-241xx/CVE-2021-24184.json

{
  "id": "CVE-2021-24184",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2021-04-05T19:15:16.577",
  "lastModified": "2022-05-03T13:05:17.647",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Several AJAX endpoints in the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions."
    },
    {
      "lang": "es",
      "value": "Varios endpoints AJAX en el plugin de WordPress Tutor LMS - eLearning and online course solution versiones anteriores a 1.7.7, estaban desprotegidos, permitiendo a los estudiantes modificar la informaci\u00f3n del curso y elevar sus privilegios entre muchas otras acciones"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "contact@wpscan.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "1.7.7",
              "matchCriteriaId": "7AD21F1B-94BF-4BD3-AF90-8D3310510363"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}