WordPress Plugin Vulnerabilities

WP Courses LMS < 3.2.4 - Subscriber+ Arbitrary Options Update

Description

The plugin is vulnerable to unauthorized modification of data due to missing capability check on the wpc_save_fe_option() function hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used to achieve privilege escalation on most instances.

Affects Plugins

Plugin icon
wp-courses
Fixed in 3.2.4

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8a6f7952-cb64-4cff-aae7-0f03692cd95f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.8 (high)

Miscellaneous

Verified
No
WPVDB ID
e79a3d3a-e4ad-4013-953f-b8bc838cbc90

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2024-01-17 (about 2 years ago)
Last Updated
2024-01-17 (about 2 years ago)

Other

Published
Title
Published
2025-12-31
Title
Conformer for Elementor < 1.0.8 - Missing Authorization
Published
2026-02-09
Title
Dating <= 11.2.0 - Missing Authorization
Published
2024-06-03
Title
Upload Fields for WPForms <= 1.0.2 - Missing Authorization
Published
2024-02-12
Title
MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update
Published
2024-06-07
Title
Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update