CVE-2020-8615
MEDIUM · NUCLEI
Tutor LMS <1.5.3 - CSRF
Title source: llm
Description
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
Exploits (1)
exploitdb
WORKING POC
by Jinson Varghese Behanan · text · webapps · php
https://www.exploit-db.com/exploits/48151
Nuclei Templates (1)
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
MEDIUM · VERIFIED · by r3Y3r53
Shodan: http.html:/wp-content/plugins/tutor/
FOFA: body=/wp-content/plugins/tutor/
References (5)
Scores
CVSS v3: 6.5
EPSS: 0.0867
EPSS Percentile: 92.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE: CWE-352
Status: published
Products (1): themeum/tutor_lms < 1.5.3
Published: Feb 04, 2020
Tracked Since: Feb 18, 2026