Vulnerability Description
The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kodezen | Academy Lms | < 1.9.20 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/3037880/academy#file473Patch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4bThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/3037880/academy#file473Patch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4bThird Party Advisory
FAQ
What is CVE-2024-1505?
CVE-2024-1505 is a vulnerability with a CVSS score of 8.8 (HIGH). The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allo...
How severe is CVE-2024-1505?
CVE-2024-1505 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1505?
Check the references section above for vendor advisories and patch information. Affected products include: Kodezen Academy Lms.