WordPress Tutor LMS Elementor Addons plugin <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Course Carousel Widget vulnerability discovered by wesley wcraft in WordPress Plugin Tutor LMS Elementor Addons versions = 2.1.4...

CVE-2024-5576

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'coursecarouselskin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplie...

CVE-2024-5576

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'coursecarouselskin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplie...

CVE-2024-5576

CVE-2024-5576 affects Tutor LMS Elementor Addons for WordPress (

CVE-2024-5576 Tutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'coursecarouselskin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplie...

PT-2024-36583 · WordPress · Tutor Lms Elementor Addons

Name of the Vulnerable Software and Affected Versions: Tutor LMS Elementor Addons plugin for WordPress versions up to, and including, 2.1.4 Description: The issue is related to Stored Cross-Site Scripting via the course carousel skin attribute within the plugin's Course Carousel widget. This is d...