PT-2024-18098 · WordPress · The Academy Lms

Lucio Sá · Published 2024-03-13 · Updated 2025-01-22 · CVE-2024-1505

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
The Academy LMS – eLearning and online course solution for WordPress plugin, versions up to and including 1.9.19

Description
The plugin allows arbitrary user meta updates through the saved_user_info() function, which results in privilege escalation. Authenticated attackers with minimal permissions, such as students, can elevate their user role to that of an administrator.

Recommendations
For versions up to and including 1.9.19, update to a version higher than 1.9.19 to resolve the issue. As a temporary workaround, consider disabling the saved_user_info() function until a patch is available.

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2024-1505

Affected Products: The Academy Lms