Skip to main content

Academy Lms CVE-2024-1505

HIGH
Improper Privilege Management (CWE-269)
2024-03-13 security@wordfence.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch released
Apr 08, 2026 - 19:39 nvd
Patch available
CVE Published
Mar 13, 2024 - 16:15 nvd
HIGH 8.8

DescriptionCVE.org

The Academy LMS - eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.

AnalysisAI

The Academy LMS - eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. The Academy LMS - eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator. Affected products include: Kodezen Academy Lms.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2023-4974 CRITICAL POC
9.8 Sep 15

A vulnerability was found in Academy LMS 6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit

CVE-2025-71179 MEDIUM POC
6.1 Feb 03

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to t

CVE-2024-38959 MEDIUM POC
6.1 Jul 09

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attack

CVE-2023-4973 MEDIUM POC
6.1 Sep 15

A vulnerability was found in Academy LMS 6.2 on Windows. Rated medium severity (CVSS 6.1), this vulnerability is remotel

CVE-2023-38964 MEDIUM POC
6.1 Aug 04

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severit

CVE-2023-4119 MEDIUM POC
6.1 Aug 03

A vulnerability has been found in Academy LMS 6.0 and classified as problematic. Rated medium severity (CVSS 6.1), this

CVE-2024-38701 HIGH
8.8 Jul 22

Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.0.4. Rated high severity (CVSS 8.8), this

CVE-2024-32714 HIGH
8.8 Jun 09

Missing Authorization vulnerability in Academy LMS academy.9.16. Rated high severity (CVSS 8.8), this vulnerability is r

CVE-2022-29380 MEDIUM POC
4.8 May 25

Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. Rated med

CVE-2024-33912 HIGH
7.1 May 06

Missing Authorization vulnerability in Academy LMS.9.16. Rated high severity (CVSS 7.1), this vulnerability is remotely

CVE-2023-3752 MEDIUM
6.1 Jul 19

A vulnerability was found in Creativeitem Academy LMS 5.15. Rated medium severity (CVSS 6.1), this vulnerability is remo

CVE-2024-35171 MEDIUM
5.3 May 14

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.9.25. Rated medium sever

Share

CVE-2024-1505 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy