Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2021-24562 (GCVE-0-2021-24562)

Vulnerability from cvelistv5 – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35

Title

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

Summary

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades

Severity ?

No CVSS data available.

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

WPScan

References

URL

Tags

	https://wpscan.com/vulnerability/d45bb744-4a0d-4a…	x_refsource_MISC
	https://make.lifterlms.com/2021/05/17/lifterlms-v…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Unknown	LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress	Affected: 4.21.2 , < 4.21.2 (custom)

Credits

Amirmuhammad vakili

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:35:20.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.21.2",
              "status": "affected",
              "version": "4.21.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Amirmuhammad vakili"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-23T11:10:14",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24562",
          "STATE": "PUBLIC",
          "TITLE": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.21.2",
                            "version_value": "4.21.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Amirmuhammad vakili"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
            },
            {
              "name": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/",
              "refsource": "MISC",
              "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24562",
    "datePublished": "2021-08-23T11:10:14",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:35:20.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24562 (GCVE-0-2021-24562)

Vulnerability from nvd – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35

Title

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

Summary

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades

Severity ?

No CVSS data available.

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

WPScan

References

URL

Tags

	https://wpscan.com/vulnerability/d45bb744-4a0d-4a…	x_refsource_MISC
	https://make.lifterlms.com/2021/05/17/lifterlms-v…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Unknown	LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress	Affected: 4.21.2 , < 4.21.2 (custom)

Credits

Amirmuhammad vakili

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:35:20.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.21.2",
              "status": "affected",
              "version": "4.21.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Amirmuhammad vakili"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-23T11:10:14",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24562",
          "STATE": "PUBLIC",
          "TITLE": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.21.2",
                            "version_value": "4.21.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Amirmuhammad vakili"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
            },
            {
              "name": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/",
              "refsource": "MISC",
              "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24562",
    "datePublished": "2021-08-23T11:10:14",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:35:20.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

2 vulnerabilities found for LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress by Unknown

CVE-2021-24562 (GCVE-0-2021-24562)

CVE-2021-24562 (GCVE-0-2021-24562)