PT-2024-16247 · WordPress · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS plugin for WordPress versions up to, and including, 2.7.6 Description: The issue is related to SQL Injection via the rating filter parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...

VulnCheck KEV: CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-10897

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installetlmsdependencyplugin function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-lev...

CVE-2024-10897

CVE-2024-10897 affects the WordPress plugin Tutor LMS Elementor Addons (versions up to and including 2.1.5). The issue is a missing capability check in install_etlms_dependency_plugin(), enabling authenticated users with Subscriber+ privileges to install Elementor or Tutor LMS. Impact is limited ...

CVE-2024-10897 Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installetlmsdependencyplugin function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-lev...

WordPress plugin Tutor LMS Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-16629 · WordPress · Tutor Lms Elementor Addons

Name of the Vulnerable Software and Affected Versions: Tutor LMS Elementor Addons plugin for WordPress versions up to, and including, 2.1.5 Description: The issue is related to a missing capability check on the install etlms dependency plugin function, allowing authenticated attackers with...

CVE-2024-43142

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3...

CVE-2024-43142

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3...

CVE-2024-43142

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3...

CVE-2024-43142 WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3...

CVE-2024-43142

CVE-2024-43142 is a Missing Authorization vulnerability affecting Tutor LMS versions up to 2.7.3. Public sources (NVD, RH) confirm a Missing Authorization/Access Control issue with Themeum Tutor LMS and list Tutor LMS (n/a through 2.7.3) as affected. NVD CVSS v3.1 base score is 8.8 ( HIGH ) with ...

CVE-2024-43142 WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3...

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-30332 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions 2.7.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Tutor LMS versions 2.7.3 and...

CVE-2023-2919

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...

CVE-2023-2919

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...

CVE-2023-2919 Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...

CVE-2023-2919 Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...

WordPress Tutor LMS plugin <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' vulnerability

Cross-Site Request Forgery via 'addonenabledisable' vulnerability discovered by Ram in WordPress Plugin Tutor LMS versions = 2.7.4...