$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in Academy LMS WordPress Plugin

On February 14th, 2024, during the second Wordfence Bug Bounty Extravaganza, Wordfence received a submission for a Privilege Escalation vulnerability in Academy LMS, a WordPress plugin with more than 1,000 active installations. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges by updating user metadata.
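The advisory does not show the plugin's code, so the following is an added illustration of the general vulnerability class it describes (a user-meta update where the caller controls the meta key), not Academy LMS's own handler. All action names, meta keys and function names are hypothetical. It pairs the weak pattern with an allowlisted version and adds an audit hook that logs role-meta changes made by users who lack the `promote_users` capability, which is the signal a defender would want when hunting for this kind of escalation.

```php
<?php
/*
 * Added example, not code from Academy LMS or Wordfence.
 * Vulnerable pattern: the meta key comes straight from the request.
 * WordPress stores a user's roles in the "{$wpdb->prefix}capabilities"
 * meta key (wp_capabilities on a default install), so an authenticated
 * user who can pick the key can rewrite their own role assignment.
 */
add_action( 'wp_ajax_demo_update_profile_vulnerable', function () {
    $user_id = get_current_user_id();
    $key     = sanitize_text_field( wp_unslash( $_POST['meta_key'] ?? '' ) );
    $value   = wp_unslash( $_POST['meta_value'] ?? '' );
    update_user_meta( $user_id, $key, $value ); // caller chooses $key: privilege escalation
    wp_send_json_success();
} );

/*
 * Hardened pattern: nonce check, explicit login check, and an allowlist
 * of the profile fields a user is permitted to edit about themselves.
 * Role and level keys can never reach update_user_meta() from here.
 */
add_action( 'wp_ajax_demo_update_profile_hardened', function () {
    check_ajax_referer( 'demo_update_profile', 'nonce' );
    $user_id = get_current_user_id();
    if ( ! $user_id ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    // Hypothetical profile fields; anything not listed is rejected.
    $allowed = array( 'demo_bio', 'demo_twitter', 'demo_timezone' );
    $key     = sanitize_key( $_POST['meta_key'] ?? '' );
    if ( ! in_array( $key, $allowed, true ) ) {
        wp_send_json_error( 'field not editable', 403 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['meta_value'] ?? '' ) );
    update_user_meta( $user_id, $key, $value );
    wp_send_json_success();
} );

/*
 * Detection: log every write to the capability or user-level meta keys.
 * A write performed by a logged-in user who cannot promote users is the
 * pattern this advisory describes, so it is flagged as ALERT; writes by
 * administrators or by unauthenticated flows (e.g. registration) are info.
 */
function demo_audit_capability_meta( $meta_id, $user_id, $meta_key, $meta_value ) {
    global $wpdb;
    $sensitive = array( $wpdb->prefix . 'capabilities', $wpdb->prefix . 'user_level' );
    if ( ! in_array( $meta_key, $sensitive, true ) ) {
        return;
    }
    $actor = get_current_user_id();
    $flag  = ( $actor && ! user_can( $actor, 'promote_users' ) ) ? 'ALERT' : 'info';
    error_log( sprintf(
        '[%s] %s changed for user %d by user %d: %s',
        $flag, $meta_key, $user_id, $actor, wp_json_encode( $meta_value )
    ) );
}
add_action( 'added_user_meta',   'demo_audit_capability_meta', 10, 4 );
add_action( 'updated_user_meta', 'demo_audit_capability_meta', 10, 4 );
```

Drop the hardened handler and the audit function into a must-use plugin to try them; the vulnerable handler is included only to make the difference visible side by side and should not be deployed. The allowlist is the real fix: once the meta key is chosen by the server rather than the request, the capability keys are unreachable regardless of how the value is sanitized.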

Props to Lucio Sá who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $1,313.00 for this discovery during our Bug Bounty Program Extravaganza.

All users of the Wordfence plugin are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Privilege Escalation via User Meta Updates protection.

Wordfence contacted the Academy LMS Team on February 14, 2024, and received a response on February 15, 2024. After providing full disclosure details, the developer released a patch on February 19, 2024. We would like to commend the Academy LMS Team for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of Academy LMS, which is version 1.9.20, as soon as possible.

Source and more details: https://www.wordfence.com/blog/2024/02/1313-bounty-awarded-for-privilege-escalation-vulnerability-patched-in-academy-lms-wordpress-plugin
