CVE-2024-1503

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 21, 2024

Summary

CVE-2024-1503 is a vulnerability found in the Tutor LMS plugin for WordPress, affecting all versions up to and including 2.6.1. This vulnerability allows unauthenticated attackers to deactivate the plugin and erase all data by exploiting a Cross-Site Request Forgery (CSRF) issue in the erase_tutor_data() function. To exploit this vulnerability, the attacker needs to trick a site administrator into performing an action, such as clicking on a link. The "Erase upon uninstallation" option must also be enabled for this attack to be successful. The risk score for this vulnerability is 5, with a base severity of MEDIUM.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1503 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options