AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-8615: A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves a

mediumvulnerability

security

Source: NVD/CVE DatabaseFebruary 4, 2020CVE-2020-8615

Summary

CVE-2020-8615 is a CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website they're logged into) in the Tutor LMS plugin for WordPress before version 1.5.3. An attacker could exploit this to approve themselves as an instructor or block legitimate instructors without proper authorization.

Solution / Mitigation

Update the Tutor LMS plugin to version 1.5.3 or later.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 6.9%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-352

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-8615

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%