CVE-2024-0377
- Source
- https://cve.org/CVERecord?id=CVE-2024-0377
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0377.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-0377
- Published
- 2024-03-13T16:15:11.070Z
- Modified
- 2026-04-10T05:07:53.781758Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.
- References
Affected packages
Git / github.com/gocodebox/lifterlms
Affected versions
1.*
1.0.0
1.1.1
1.2.4
1.2.5
1.2.6
1.3.0
1.3.10
1.3.2
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
3.*
3.0.0-beta.1
3.0.0-beta.2
3.0.0-beta.3
3.0.0-beta.4
3.0.0-beta.5
3.20.0-beta.1
@lifterlms/brand@0.*
@lifterlms/brand@0.0.1
@lifterlms/brand@0.0.2
@lifterlms/dev@0.*
@lifterlms/dev@0.0.4-alpha.0
@lifterlms/llms-e2e-test-utils@1.*
@lifterlms/llms-e2e-test-utils@1.1.1
@lifterlms/llms-e2e-test-utils@2.*
@lifterlms/llms-e2e-test-utils@2.0.0
@lifterlms/llms-e2e-test-utils@2.1.0
@lifterlms/llms-e2e-test-utils@2.1.2
@lifterlms/llms-e2e-test-utils@2.1.3
@lifterlms/llms-e2e-test-utils@2.2.2
@lifterlms/llms-e2e-test-utils@2.2.3
@lifterlms/llms-e2e-test-utils@3.*
@lifterlms/llms-e2e-test-utils@3.2.0
@lifterlms/scripts@1.*
@lifterlms/scripts@1.2.0
@lifterlms/scripts@1.2.1
@lifterlms/scripts@1.2.3
@lifterlms/scripts@1.2.4
@lifterlms/scripts@1.3.0
@lifterlms/scripts@1.3.1
@lifterlms/scripts@1.3.2
@lifterlms/scripts@1.3.5
@lifterlms/scripts@1.3.7
@lifterlms/scripts@2.*
@lifterlms/scripts@2.2.0
llms-e2e-test-utils@1.*
llms-e2e-test-utils@1.0.0
llms-e2e-test-utils@1.0.1
llms-e2e-test-utils@1.1.0
v1.*
v1.3.3