.. / CVE-2020-8615

Exploit for Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (CVE-2020-8615)

Description:

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).

Nuclei Template

View the template here CVE-2020-8615.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-8615.yaml

References:

https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
https://wpvulndb.com/vulnerabilities/10058
https://wpscan.com/vulnerability/10058
http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8615

.. / CVE-2020-8615 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (CVE-2020-8615)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-8615