CVE-2024-0377

Source
https://cve.org/CVERecord?id=CVE-2024-0377
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0377.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0377
Published
2024-03-13T15:27:16.088Z
Modified
2026-07-15T01:49:09.488643023Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
LifterLMS – WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review
Details

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/0xxx/CVE-2024-0377.json",
    "cwe_ids": [
        "CWE-284"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "7.5.1"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "Wordfence"
}
References

Affected packages

Git / github.com/gocodebox/lifterlms

Affected ranges

Type
GIT
Repo
https://github.com/gocodebox/lifterlms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.5.2"
        }
    ]
}

Affected versions

1.*
1.0.0
1.1.1
1.2.4
1.2.5
1.2.6
1.3.0
1.3.10
1.3.2
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
3.*
3.0.0-beta.1
3.0.0-beta.2
3.0.0-beta.3
3.0.0-beta.4
3.0.0-beta.5
3.20.0-beta.1
@lifterlms/brand@0.*
@lifterlms/brand@0.0.1
@lifterlms/brand@0.0.2
@lifterlms/dev@0.*
@lifterlms/dev@0.0.4-alpha.0
@lifterlms/llms-e2e-test-utils@1.*
@lifterlms/llms-e2e-test-utils@1.1.1
@lifterlms/llms-e2e-test-utils@2.*
@lifterlms/llms-e2e-test-utils@2.0.0
@lifterlms/llms-e2e-test-utils@2.1.0
@lifterlms/llms-e2e-test-utils@2.1.2
@lifterlms/llms-e2e-test-utils@2.1.3
@lifterlms/llms-e2e-test-utils@2.2.2
@lifterlms/llms-e2e-test-utils@2.2.3
@lifterlms/llms-e2e-test-utils@3.*
@lifterlms/llms-e2e-test-utils@3.2.0
@lifterlms/scripts@1.*
@lifterlms/scripts@1.2.0
@lifterlms/scripts@1.2.1
@lifterlms/scripts@1.2.3
@lifterlms/scripts@1.2.4
@lifterlms/scripts@1.3.0
@lifterlms/scripts@1.3.1
@lifterlms/scripts@1.3.2
@lifterlms/scripts@1.3.5
@lifterlms/scripts@1.3.7
@lifterlms/scripts@2.*
@lifterlms/scripts@2.2.0
llms-e2e-test-utils@1.*
llms-e2e-test-utils@1.0.0
llms-e2e-test-utils@1.0.1
llms-e2e-test-utils@1.1.0
v1.*
v1.3.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0377.json"