CVE-2024-1804

4.3 MEDIUM

📋 TL;DR

The Tutor LMS Migration Tool WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or higher to import courses without proper permission checks. This affects all versions up to and including 2.2.0. Attackers can misuse this to add unauthorized content to WordPress sites.
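The missing-check pattern the TL;DR describes, beside its hardened form, as an added illustration that is not the plugin's own code: the handler name tutor_migration_import, the nonce name, and the manage_options capability are assumptions, while tutor_import_from_xml is the action name this page cites.

```php
<?php
// Added illustration, not code from the plugin. It assumes a hypothetical
// admin-ajax handler for the tutor_import_from_xml action named on this page
// and assumes manage_options is the capability an importer should hold.

// Weak pattern: a wp_ajax_* hook only guarantees the caller is logged in, so
// any subscriber reaches the import routine; no capability or nonce check.
function weak_import_from_xml() {
    $xml = $_FILES['xml'] ?? null;
    tutor_migration_import( $xml );          // hypothetical import routine
    wp_send_json_success( 'imported' );
}
// Vulnerable wiring, shown for contrast (left unregistered here):
// add_action( 'wp_ajax_tutor_import_from_xml', 'weak_import_from_xml' );

// Hardened pattern: verify the nonce (anti-CSRF), then require a capability
// that subscribers do not hold, and log each refused attempt for the SIEM
// query in the Detection section.
function hardened_import_from_xml() {
    check_ajax_referer( 'tutor_import_from_xml', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        error_log( sprintf(
            'tutor_import denied: user=%d role=%s ip=%s',
            get_current_user_id(),
            implode( ',', wp_get_current_user()->roles ),
            $_SERVER['REMOTE_ADDR'] ?? 'unknown'
        ) );
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $xml = $_FILES['xml'] ?? null;
    tutor_migration_import( $xml );          // hypothetical import routine
    wp_send_json_success( 'imported' );
}
add_action( 'wp_ajax_tutor_import_from_xml', 'hardened_import_from_xml' );
```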

💻 Affected Systems

Products:
  • Tutor LMS - Migration Tool WordPress Plugin
Versions: All versions up to and including 2.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled and at least one authenticated user account.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could import malicious courses containing scripts or inappropriate content, potentially compromising site integrity or enabling further attacks through uploaded content.

🟠 Likely Case

Unauthorized users import courses they shouldn't have access to, disrupting legitimate course management and potentially exposing sensitive educational materials.

🟢 If Mitigated

With proper user role management and monitoring, impact is limited to unauthorized course imports that can be detected and reverted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is publicly documented with code references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.2.0

Vendor Advisory: https://plugins.trac.wordpress.org/browser/tutor-lms-migration-tool/trunk/classes/LPtoTutorMigration.php

Restart Required: No

Instructions:

1. Update the Tutor LMS Migration Tool plugin to the latest version via the WordPress admin panel.
2. Verify the update completed successfully.
3. Test course import functionality with appropriate user roles.

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily disable the vulnerable plugin until it is patched:

wp plugin deactivate tutor-lms-migration-tool

Restrict User Roles (applies to: all)

Limit the number of accounts with subscriber-level access and review existing accounts for any that should not exist.

🧯 If You Can't Patch

  • Implement strict user role management and audit all subscriber-level accounts
  • Monitor course import logs and implement alerts for unauthorized import attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel for Tutor LMS Migration Tool plugin version. If version is 2.2.0 or lower, the system is vulnerable.

Check Version:

wp plugin get tutor-lms-migration-tool --field=version

Verify Fix Applied:

Verify plugin version is higher than 2.2.0 and test that subscriber-level users cannot import courses.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected course import events from non-admin users
  • Multiple import attempts from single user accounts

Network Indicators:

  • POST requests to the tutor_import_from_xml endpoint from unauthorized user roles

SIEM Query:

source="wordpress" AND (event="course_import" OR action="tutor_import") AND user_role="subscriber"
