WordPress plugin Tutor LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Tutor LMS versions = 2.7.3...

WordPress Tutor LMS Plugin <= 2.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c09ff6728ca9 Credits justakazh Required privilege Instructor...

WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Tutor LMS versions = 2.7.3...

WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Tutor LMS versions = 2.7.2...

WordPress Tutor LMS Plugin <= 2.7.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-39645 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dcc37aabdfcd Credits Rafie Muhammad Patchstack...

WordPress Tutor LMS – Migration Tool plugin <= 2.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Francesco Carlucci in WordPress Plugin Tutor LMS – Migration Tool versions = 2.2.0...

WordPress Tutor LMS – Migration Tool Plugin <= 2.2.2 is vulnerable to Broken Access Control

Software Tutor LMS – Migration Tool Type Plugin Vulnerable versions = 2.2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1798 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 75e96e3a3dee Credits Francesco Carlucci...

CVE-2024-1804

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutorimportfromxml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access...

CVE-2024-1804

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutorimportfromxml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access...

CVE-2024-1798

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutorlpexportxml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including privat...

CVE-2024-1798

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutorlpexportxml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including privat...

CVE-2024-1798 Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutorlpexportxml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including privat...

CVE-2024-1804

The CVE-2024-1804 issue affects the WordPress plugin Tutor LMS – Migration Tool, affecting all versions up to 2.2.0. Root cause: missing capability check in tutor_import_from_xml allows authenticated users with subscriber-level access or higher to import courses, enabling unauthorized data modifi...

CVE-2024-1798

CVE-2024-1798 affects the WordPress plugin “Tutor LMS – Migration Tool” and concerns unauthenticated data export due to a missing capability check in tutor_lp_export_xml. Affected versions are up to and including 2.2.0. Public sources indicate this could allow unauthenticated attackers to export ...

CVE-2024-1798 Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutorlpexportxml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including privat...

PT-2024-18316 · WordPress · The Tutor Lms – Migration Tool

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – Migration Tool plugin for WordPress versions up to, and including, 2.2.0 Description: The issue allows unauthorized access to data due to a missing capability check on the tutor lp export xml function. This makes it possible f...

PT-2024-18320 · WordPress · The Tutor Lms – Migration Tool

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – Migration Tool plugin for WordPress versions up to, and including, 2.2.0 Description: The issue allows authenticated attackers with subscriber-level access and above to import courses due to a missing capability check on the...

CVE-2024-37947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2...

CVE-2024-37947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2...