WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability

Path Traversal vulnerability discovered by filime Patchstack Alliance in WordPress Plugin Tutor LMS versions = 2.7.1...

WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Tutor LMS versions = 2.7.1...

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Local File Inclusion

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37266 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 8224e271a86b Credits filime Required privilege Administrator Publishe...

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to SQL Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37256 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID c87880efca91 Credits justakazh Required privilege Administrator Published 27...

CVE-2023-25799

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8...

CVE-2023-25799

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8...

CVE-2023-25799 WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8...

CVE-2023-25799 WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8...

CVE-2023-25799

CVE-2023-25799 describes a Missing/Broken Authorization vulnerability in the WordPress plugin Tutor LMS . Affected versions are Tutor LMS: from n/a through 2.1.8. The issue is caused by insufficient authorization checks, enabling access control bypass for certain actions. Public references from P...

WordPress plugin Tutor LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-12077 · Themeum · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions 2.1.8 and earlier Description: The issue is related to a Missing Authorization vulnerability in Themeum Tutor LMS. Recommendations: For versions 2.1.8 and earlier, update to a version later than 2.1.8 to resolve the issue...

CVE-2024-5438

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-5438

CVE-2024-5438: Tutor LMS – eLearning and online course solution for WordPress affects all versions up to 2.7.1. The issue is an Insecure Direct Object Reference in the quiz attempts deletion path via the attempt_delete function, due to missing validation on a user-controlled key. This allows auth...

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-4902

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

CVE-2024-4902 Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

CVE-2024-4902

CVE-2024-4902 : The Tutor LMS – eLearning and online course solution for WordPress contains a time-based SQL Injection in the course_id parameter, affecting all versions up to 2.7.1. The vulnerability stems from insufficient escaping and improper preparation of the SQL query, enabling an authenti...

CVE-2024-4902 Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

WordPress Tutor LMS plugin <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability

Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.1...