WordPress LifterLMS 4.21.1 Insecure Direct Object Reference

CVE Category Price Severity
CVE-2021-24692 CWE-200 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-08-10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

WordPress LifterLMS 4.21.1 Insecure Direct Object Reference
# Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR
# Date: 2021-05-17
# Exploit Author: captain_hook
# Vendor Homepage:
# Software Link:
# Version: 4.21.1
# Tested on: any


The plugin was affected by an IDOR issue, allowing students to see other student answers and grades

Proof of Concept

- Add 2 users with Student role for the scenario .
- Create A course With a quiz ( I picked True or Flase question for my quiz)
- Set Enrol on Free ( for the ease of scenario )
- Enrol into the Course with Student B and submit your answer to the Course .

The plugin will give a token like :
To Check your answer was true or false.

Now Login as a Student A and Enroll in the Course. You can just use
the URL
and reach the Student B answer.

Fixed in version 4.21.2


Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum