CVE-2023-25799

8.3 HIGH

📋 TL;DR

CVE-2023-25799 is a missing authorization vulnerability in the Tutor LMS WordPress plugin that allows unauthorized users to access student data and perform actions they shouldn't be able to. This affects all WordPress sites running Tutor LMS versions up to 2.1.8. The vulnerability enables broken access control where users can view and potentially modify other students' information.

💻 Affected Systems

Products:
  • WordPress Tutor LMS Plugin
Versions: n/a through 2.1.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations using vulnerable Tutor LMS versions regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive student data (grades, progress, personal information), modify course enrollments, or manipulate learning records across all students in the system.

🟠 Likely Case

Unauthorized users accessing other students' course progress, grades, and personal information, potentially leading to data privacy violations and academic integrity issues.

🟢 If Mitigated

With proper authorization checks, users would only see their own data and be prevented from accessing other students' information.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires at least student-level access but is technically simple once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.10

Vendor Advisory: https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-1-10-multiple-student-broken-access-control-vulnerability?_s_id=cve

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find Tutor LMS and click 'Update Now'.
  4. Verify the update to version 2.1.10 or later.

🔧 Temporary Workarounds

Disable Tutor LMS Plugin (linux)

Temporarily disable the plugin until patching is possible:

    wp plugin deactivate tutor

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access the WordPress site
  • Enable detailed logging and monitoring for unauthorized access attempts to student data

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Tutor LMS → Version. If version is 2.1.8 or earlier, you are vulnerable.

Check Version:

    wp plugin get tutor --field=version

Verify Fix Applied:

Verify Tutor LMS version is 2.1.10 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual student data access patterns
  • Multiple student records accessed by single user in short time
  • Access to /wp-admin/admin-ajax.php with tutor-related actions

Network Indicators:

  • HTTP requests to Tutor LMS endpoints with different student IDs from same source

SIEM Query:

    source="wordpress.log" AND ("tutor" AND ("student" OR "enrollment" OR "progress")) AND status=200 | stats count by src_ip, user_agent
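The log and network indicators above (tutor-related admin-ajax.php requests, many distinct student IDs from one source in a short time) can also be checked offline against a web-server access log. The script below is an added example, not code from this page, from Tutor LMS or from the advisory: the `tutor` action-name prefix, the `student_id` query parameter, the five-minute window, the threshold of three distinct students, and the log lines themselves are all constructed assumptions for illustration; the real request shapes must be taken from the plugin's own endpoints.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (assumption: the plugin's AJAX
# actions start with "tutor" and name the target student via "student_id").
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2023:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=101 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2023:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=102 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2023:10:00:06 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=103 HTTP/1.1" 200 507 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2023:10:00:10 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=104 HTTP/1.1" 200 511 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2023:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=205 HTTP/1.1" 200 520 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2023:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=205 HTTP/1.1" 200 520 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2023:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=205 HTTP/1.1" 200 520 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2023:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=301 HTTP/1.1" 200 500 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2023:10:30:00 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=302 HTTP/1.1" 200 500 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2023:10:30:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2023:10:30:09 +0000] "GET /wp-admin/admin-ajax.php?action=tutor_student_progress&student_id=303 HTTP/1.1" 403 120 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    return entry


def student_access(entry):
    """Return (ip, ts, student_id) for a successful tutor-related admin-ajax request
    that names a student; anything else (other actions, non-200 responses) is ignored."""
    if entry is None or entry["status"] != 200:
        return None
    url = urlsplit(entry["target"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query)
    action = params.get("action", [""])[0]
    student = params.get("student_id", [None])[0]
    if not action.startswith("tutor") or student is None:
        return None
    return entry["ip"], entry["ts"], student


def find_enumeration(lines, window=timedelta(minutes=5), threshold=3):
    """Flag source IPs that successfully read `threshold` or more distinct student
    records inside any `window`-long interval. Returns {ip: sorted student ids}."""
    events = defaultdict(list)
    for line in lines:
        hit = student_access(parse_line(line))
        if hit:
            ip, ts, student = hit
            events[ip].append((ts, student))

    flagged = defaultdict(set)
    for ip, evs in events.items():
        evs.sort()
        # Slide a window starting at each event; repeated reads of one student's
        # own record count once, so a legitimate user polling their page is not flagged.
        for i, (start, _) in enumerate(evs):
            ids = {s for ts, s in evs[i:] if ts - start <= window}
            if len(ids) >= threshold:
                flagged[ip] |= ids
    return {ip: sorted(ids) for ip, ids in flagged.items()}


if __name__ == "__main__":
    for ip, students in find_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {len(students)} distinct students -> {students}")
```

In the constructed sample only 203.0.113.5 is reported: it reads four different students' progress within ten seconds, whereas 198.51.100.7 repeatedly reads a single record and 198.51.100.9 touches two students half an hour apart, and its denied (403) request is not counted at all.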

🔗 References
