漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter
Vulnerability Description
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the course enrollment progress and completion data belonging to any instructor or administrator account on the site. This IDOR does not apply when the target user is a regular subscriber, as the guard correctly blocks cross-subscriber access; exploitation is limited to cases where the victim user holds the LP_TEACHER_ROLE or administrator role.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
ThimPress LearnPress 授权问题漏洞
Vulnerability Description
thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses是thimpress公司的WordPress LMS插件。 ThimPress LearnPress 4.3.9.1及之前版本存在授权问题漏洞,该漏洞源于对‘userId’参数的用户控制键验证缺失,存在不安全的直接对象引用,可能导致经过身份验证的攻击者查看属于教师或管理员账户的课程注册进度和完成数据。
CVSS Information
N/A
Vulnerability Type
N/A