CVE-2024-53816

Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons.This issue affects Tutor LMS Elementor Addons: from n/a through = 2.1.5...

CVE-2024-53816 WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5...

CVE-2024-53816

The CVE-2024-53816 entry concerns a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Tutor LMS Elementor Addons by Themeum, affecting versions up to 2.1.5. Multiple connected sources corroborate this, including Red Hat and CVE/CVELIST records, Patchstack entries...

CVE-2024-53816 WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons.This issue affects Tutor LMS Elementor Addons: from n/a through = 2.1.5...

WordPress plugin Tutor LMS Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-35931 · Themeum · Tutor Lms Elementor Addons

Name of the Vulnerable Software and Affected Versions: Tutor LMS Elementor Addons versions 2.1.5 and earlier Description: The issue is related to a Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons. Recommendations: For Tutor LMS Elementor Addons versions 2.1.5 and earlier...

WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Tutor LMS Elementor Addons versions = 2.1.5...

WordPress Tutor LMS plugin <= 2.7.6 - Unauthenticated SQL Injection via rating_filter vulnerability

Unauthenticated SQL Injection via ratingfilter vulnerability discovered by mikemyers in WordPress Plugin Tutor LMS versions = 2.7.6...

WordPress Tutor LMS plugin <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration vulnerability

User Registration Setting Bypass to Unauthorized User Registration vulnerability discovered by 1337Wannabe in WordPress Plugin Tutor LMS versions = 2.7.6...

CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-10393

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'userscanregister' option in the 'registerinstructor' function. This makes it possible for unauthenticated attackers to register as the...

CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-10393

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'userscanregister' option in the 'registerinstructor' function. This makes it possible for unauthenticated attackers to register as the...

CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to unauthenticated SQL Injection via the rating_filter parameter in versions up to 2.7.6 due to insufficient escaping and missing preparation of the SQL query. Impact: potential exposure of sensitive database data. Affected: all versions ≤ 2.7.6. R...

CVE-2024-10393 Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'userscanregister' option in the 'registerinstructor' function. This makes it possible for unauthenticated attackers to register as the...

CVE-2024-10393

CVE-2024-10393 affects the WordPress Tutor LMS plugin, vulnerable in versions

WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to SQL Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10400 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d0515de5a39b Credits mikemyers Required privilege Unauthenticated Publishe...

WordPress plugin Tutor LMS SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin Tutor LMS 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access contro...

WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10393 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 196d31d95c65 Credits 1337Wannabe...