PT-2024-12208 · WordPress · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS plugin for WordPress versions up to, and including, 2.7.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the addon enable disable function. This allows unauthenticated...

WordPress Tutor LMS Plugin <= 2.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.4 Fixed in 2.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2919 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a0dbe6193554 Credits Ram Required privilege...

WordPress plugin Tutor LMS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-5784

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treportquizatttemptdelete and tutorgcclassaction in all versions up to, and including, 2.7.2. This makes it possible for authenticate...

CVE-2024-5784

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treportquizatttemptdelete and tutorgcclassaction in all versions up to, and including, 2.7.2. This makes it possible for authenticate...

CVE-2024-5784 Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treportquizatttemptdelete and tutorgcclassaction in all versions up to, and including, 2.7.2. This makes it possible for authenticate...

CVE-2024-5784

CVE-2024-5784 (Tutor LMS Pro, WordPress) shows a vulnerability where missing capability checks in multiple functions (treport_quiz_atttempt_delete, tutor_gc_class_action) allow an authenticated user with subscriber-level access or higher to perform unauthorized administrative actions (e.g., delet...

WordPress Tutor LMS Pro plugin <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Missing Authorization to Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS Pro versions = 2.7.2...

WordPress Tutor LMS Pro Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5784 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53b4f2fddbc0 Credits Thanh Nam Tran Required...

WordPress plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37150 · WordPress · Tutor Lms Pro

Name of the Vulnerable Software and Affected Versions: The Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.2 Description: The issue allows authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments,...

CVE-2024-39645

Cross-Site Request Forgery CSRF vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...

CVE-2024-39645

Cross-Site Request Forgery CSRF vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...

CVE-2024-39645 WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...

CVE-2024-39645 WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...

CVE-2024-39645

CVE-2024-39645 is a CSRF vulnerability in WordPress Tutor LMS

PT-2024-28582 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions through 2.7.2 Description: A Cross-Site Request Forgery CSRF issue affects Tutor LMS, allowing unauthorized actions to be performed on behalf of a user without their knowledge. The estimated number of potentially affected...

WordPress plugin Tutor LMS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-5576

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'coursecarouselskin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplie...

CVE-2024-5576

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'coursecarouselskin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplie...