WordPress Plugin Vulnerabilities

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

Description

The plugin was affected by an IDOR issue, allowing students to see other student answers and grades

Proof of Concept

- Add 2 users with Student role for the scenario .
- Create A course With a quiz ( I picked True or Flase question for my quiz)
- Set Enrol on Free ( for the ease of scenario )
- Enrol into the Course with Student B and submit your answer to the Course .

The plugin will give a token like : https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK To Check your answer was true or false.

Now Login as a Student A and Enroll in the Course. You can just use the URL https://soft-dream.myliftersite.com/quiz/%d8%ac%d9%85%d8%b9-quiz/?attempt_key=wYK and reach the Student B answer.

Affects Plugins

Plugin icon
lifterlms
Fixed in 4.21.2

References

CVE
CVE-2021-24562
URL
https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Amirmuhammad vakili
Submitter
captain_hook
Submitter website
https://captainhoook.medium.com/
Verified
Yes
WPVDB ID
d45bb744-4a0d-4af0-aa16-71f7e3ea6e00

Timeline

Publicly Published
2021-05-17 (about 2 years ago)
Added
2021-07-22 (about 2 years ago)
Last Updated
2023-01-24 (about 10 months ago)

Other

Published
Title
Published
2021-03-31
Title
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
Published
2022-02-10
Title
Spiffy Calendar < 4.9.1 - Subscriber+ Arbitrary Event Edition/Deletion via IDOR
Published
2023-01-17
Title
WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access
Published
2022-03-29
Title
DW Question & Answer Pro < 1.3.7 - Arbitrary Comment Edition via IDOR
Published
2023-10-22
Title
wpDiscuz < 7.6.4 - Author+ IDOR