797 matches found
WordPress Tutor LMS <2.0.10 - Cross Site Scripting
WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the resetkey and userid parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the conte...
Tutor LMS <= 2.1.10 - SQL Injection
Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...
Tutor LMS <= 2.7.6 - SQL Injection
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-10736
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-10736 Tutor LMS <= 3.9.11 - Authenticated (Administrator+) SQL Injection via 'data' Parameter
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-10736
CVE-2026-10736 affects the WordPress plugin Tutor LMS (eLearning and online course solution). All versions up to and including 3.9.11 are vulnerable to a generic SQL Injection via the 'data' parameter due to insufficient escaping and inadequate preparation of the SQL query. This can let an authen...
EUVD-2026-37655
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions...
WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.11 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by s1kr10s - Nayrox in WordPress Plugin Tutor LMS versions <= 3.9.11...
CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions...
CVE-2026-22332
CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <=3.9.6, with exploitation status not pr...
EUVD-2026-36974
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions...
CVE-2026-40743
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions...
CVE-2026-40743 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions...
CVE-2026-40743
CVE-2026-40743 corresponds to an Unauthenticated Broken Access Control in the WordPress Tutor LMS plugin, versions
PT-2026-49409
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions...
CVE-2026-5502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...
CVE-2026-6965
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
CVE-2026-3360
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...
Exploit for CVE-2025-13673
CVE-2025-13673 — Tutor LMS SQL Injection Lab Unauthenticated...