Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress by Unknown

    CVE-2021-24562 (GCVE-0-2021-24562)

    Vulnerability from nvd – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
    VLAI
    Title
    LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
    Summary
    The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades
    Severity
    No CVSS data available.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Credits
    Amirmuhammad vakili
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:20.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.21.2",
                  "status": "affected",
                  "version": "4.21.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amirmuhammad vakili"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-23T11:10:14.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24562",
              "STATE": "PUBLIC",
              "TITLE": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.21.2",
                                "version_value": "4.21.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amirmuhammad vakili"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
                },
                {
                  "name": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/",
                  "refsource": "MISC",
                  "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24562",
        "datePublished": "2021-08-23T11:10:14.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:20.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24562 (GCVE-0-2021-24562)

    Vulnerability from cvelistv5 – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
    VLAI
    Title
    LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
    Summary
    The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades
    Severity
    No CVSS data available.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Credits
    Amirmuhammad vakili
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:20.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.21.2",
                  "status": "affected",
                  "version": "4.21.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amirmuhammad vakili"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-23T11:10:14.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24562",
              "STATE": "PUBLIC",
              "TITLE": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.21.2",
                                "version_value": "4.21.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amirmuhammad vakili"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
                },
                {
                  "name": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/",
                  "refsource": "MISC",
                  "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24562",
        "datePublished": "2021-08-23T11:10:14.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:20.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }