Lucene search
+L

123 matches found

patchstack
patchstack
added 2024/08/30 2:46 a.m.9 views

WordPress Tutor LMS Pro plugin <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Missing Authorization to Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS Pro versions = 2.7.2...

7.1CVSS7AI score0.00355EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/08/30 12:0 a.m.7 views

WordPress plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.1CVSS6.5AI score0.00355EPSS
Exploits0References4
patchstack
patchstack
added 2024/08/30 12:0 a.m.16 views

WordPress Tutor LMS Pro Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5784 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53b4f2fddbc0 Credits Thanh Nam Tran Required...

7.1CVSS6.5AI score0.00355EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2024/08/29 12:0 a.m.9 views

PT-2024-37150 · WordPress · Tutor Lms Pro

Name of the Vulnerable Software and Affected Versions: The Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.2 Description: The issue allows authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments,...

7.1CVSS6.8AI score0.00355EPSS
Exploits0References10
osv
osv
added 2024/05/16 10:15 a.m.9 views

CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8CVSS6.6AI score
Exploits0References2
osv
osv
added 2024/05/16 10:15 a.m.9 views

CVE-2024-4222

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

8.2CVSS6.7AI score0.00329EPSS
Exploits0References2
nvd
nvd
added 2024/05/16 10:15 a.m.24 views

CVE-2024-4222

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

8.2CVSS7.2AI score0.00329EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/05/16 9:32 a.m.19 views

CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'getcalendarmaterials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...

8.8CVSS7.2AI score0.01183EPSS
Exploits0References2
cve
cve
added 2024/05/16 9:32 a.m.80 views

CVE-2024-4352

CVE-2024-4352 affects Tutor LMS Pro for WordPress. The Red Hat and NVD entries confirm a missing capability check in the function get_calendar_materials, enabling unauthorized access and data modification/loss. It also permits SQL Injection via the year parameter due to insufficient escaping and ...

8.8CVSS7AI score0.01183EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/05/16 9:32 a.m.20 views

CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

7.3CVSS6.8AI score0.00329EPSS
Exploits0References2
cve
cve
added 2024/05/16 9:32 a.m.78 views

CVE-2024-4351

CVE-2024-4351 affects Tutor LMS Pro (WordPress) where a missing capability check in the authenticate function across versions up to and including 2.7.0 allows authenticated users with subscriber-level permissions or higher to gain control of an existing administrator account. Public details confi...

8.8CVSS6.6AI score0.01023EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/05/16 1:39 a.m.6 views

WordPress Tutor LMS Pro plugin <= 2.7.0 - Missing Authorization to SQL Injection vulnerability

Missing Authorization to SQL Injection vulnerability discovered by villu164 in WordPress Plugin Tutor LMS Pro versions = 2.7.0...

8.8CVSS8AI score0.01183EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/05/16 1:37 a.m.7 views

WordPress Tutor LMS Pro plugin <= 2.7.0 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by villu164 in WordPress Plugin Tutor LMS Pro versions = 2.7.0...

8.2CVSS7AI score0.00329EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/05/16 1:32 a.m.6 views

WordPress Tutor LMS Pro plugin <= 2.7.0 - Missing Authorization to Privilege Escalation vulnerability

Missing Authorization to Privilege Escalation vulnerability discovered by villu164 in WordPress Plugin Tutor LMS Pro versions = 2.7.0...

8.8CVSS7AI score0.01023EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/05/16 12:0 a.m.20 views

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Privilege Escalation

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-4351 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fc3d215c9303 Credits villu164...

8.8CVSS6.5AI score0.01023EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/05/16 12:0 a.m.15 views

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Broken Access Control

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4222 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 2853424c7113 Credits villu164 Required privilege...

8.2CVSS6.5AI score0.00329EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2024/05/16 12:0 a.m.4 views

WordPress Plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.3AI score0.01183EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/05/16 12:0 a.m.5 views

WordPress Plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS6.4AI score0.01023EPSS
Exploits0References3
vulncheck_kev
vulncheck_kev
added 2024/05/16 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.01023EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/05/16 12:0 a.m.5 views

WordPress Plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.2CVSS6.2AI score0.00329EPSS
Exploits0References3
Rows per page
Query Builder