CVE-2024-1505

The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3037880/academy#file473	Patch
https://plugins.trac.wordpress.org/changeset/3037880/academy#file473	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*

History

22 Jan 2025, 20:57

Type	Values Removed	Values Added
CPE		cpe:2.3:a:kodezen:academy_lms::::::wordpress::*
CWE		NVD-CWE-noinfo
First Time		Kodezen academy Lms Kodezen
References	~~() https://plugins.trac.wordpress.org/changeset/3037880/academy#file473 -~~	() https://plugins.trac.wordpress.org/changeset/3037880/academy#file473 - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve - Third Party Advisory

13 Mar 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-13 16:15

Updated : 2025-01-22 20:57

NVD link : CVE-2024-1505

Mitre link : CVE-2024-1505

JSON object : View

Products Affected

kodezen

academy_lms

CWE

NVD-CWE-noinfo

JSON object

Attach tags to CVE-2024-1505

Attach tags to `CVE-2024-1505`