Lucene search
K

24 matches found

CVE
CVE
added 2024/05/16 5:33 a.m.59 views

CVE-2024-4279

Summary: CVE-2024-4279 affects Tutor LMS – eLearning and online course solution for WordPress. An insecure direct object reference vulnerability exists in the tutor_course_delete function caused by missing validation on a user-controlled key, enabling an authenticated attacker with Instructor-lev...

6.5CVSS6.5AI score0.00418EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/05/16 1:33 a.m.6 views

WordPress Tutor LMS plugin <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability

Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.0...

6.5CVSS7AI score0.00418EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.4 views

PT-2024-30162 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.7.0 Description: The issue allows authenticated attackers with Instructor-level permissions and above to delete any course due to missi...

6.5CVSS6.8AI score0.00418EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.17 views

Tutor LMS – eLearning and online course solution < 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. Thi...

6.5CVSS6.6AI score0.00418EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder