Back to search
CVE-2020-7916
Published: Mar 16, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://wordpress.org/plugins/learnpress/#developers
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now