How severe is CVE-2024-4279?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-4279?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2024-4279 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course.

Related Vulnerabilities

CVE-2018-16606

MEDIUM

CVSS:6.5(Medium)

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Org...

CWE-6392018

CVE-2019-12252

MEDIUM

CVSS:6.5(Medium)

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&not...

CWE-6392019

CVE-2019-14245

MEDIUM

CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.

CWE-6392019

CVE-2019-14246

MEDIUM

CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.

CWE-6392019

CVE-2019-14721

MEDIUM

CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.

CWE-6392019

CVE-2019-15815

MEDIUM

CVSS:6.5(Medium)

ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privi...

CWE-6392019