CVE-2024-31363

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 12, 2024

Updated: Apr 15, 2024

CWE ID 352

Summary

CVE-2024-31363 is a Cross-Site Request Forgery (CSRF) vulnerability affecting LifterLMS, an e-learning plugin for WordPress. Versions from n/a to 7.5.0 are vulnerable to this issue, which allows an attacker to trick a user into performing unintended actions on a web application in their name.Such actions could include modifications to user accounts or data, leading to potential privacy and security consequences. Attackers can exploit this vulnerability by crafting malicious requests that are then processed by the affected LifterLMS installation when the user is logged in. It's crucial for LifterLMS users to update to the latest patched version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database