Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.6 views

CVE-2026-1371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

5.3CVSS5.3AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 7:31 a.m.3 views

CVE-2026-1371 Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

5.3CVSS5.3AI score0.00282EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 7:31 a.m.24 views

CVE-2026-1371

The CVE-2026-1371 entry concerns Tutor LMS for WordPress. Affected: Tutor LMS plugin versions up to and including 3.9.5. Root cause: missing authorization checks in ajax_coupon_details(), which only validates nonces and does not verify user capabilities. Impact: authenticated users with Subscribe...

5.3CVSS5.3AI score0.00282EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 7:31 a.m.31 views

CVE-2026-1371 Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

5.3CVSS0.00282EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6042

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.6 Description The Tutor LMS plugin for WordPress has a flaw where sensitive coupon details can be accessed without proper authorization. The issue stems from insufficient validation within the ajax coupon detail...

5.3CVSS5.4AI score0.00282EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

WordPress plugin Tutor LMS 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/02 10:55 p.m.10 views

WordPress Tutor LMS plugin <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action vulnerability

Authenticated Subscriber+ Information Disclosure in Coupon Details via 'tutorcoupondetails' AJAX Action vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.5...

5.3CVSS5.3AI score0.00282EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2024/11/08 11:3 a.m.4 views

Mars: Customer Data Exposure via Insecure Endpoint of coupon

A security vulnerability was identified in the Royal Canin Greece website. An insecure API endpoint was exposed that allowed unauthorized access to customer information without requiring authentication. The endpoint related to coupon functionality and revealed sensitive customer data, including...

6.7AI score
Exploits0
Rows per page
Query Builder