The vulnerability of the tutor_delete_announcement() function in the Tutor LMS plugin for WordPress content management system allows a user to elevate their privileges.

The vulnerability of the tutordeleteannouncement function in the Tutor LMS content management system for WordPress is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

The vulnerability of the hide_notices() function in the Tutor LMS plugin for WordPress content management system allows a violator to gain access to read and modify data.

The vulnerability of the hidenotices function in the Tutor LMS plugin for WordPress-related content management systems is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to and modify data...

WordPress Tutor LMS plugin <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update vulnerability

Missing Authorization to Unauthenticated Limited Options Update vulnerability discovered by M.Awad in WordPress Plugin Tutor LMS versions = 2.6.2...

WordPress Tutor LMS Plugin <= 2.6.2 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.7.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3553 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 834bc3c614b6 Credits M.Awad Required privilege...

CVE-2024-3994

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2024-3994

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2024-3994

CVE-2024-3994 affects Tutor LMS – eLearning and online course solution for WordPress. It is a Stored XSS in the tutor_instructor_list shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes in versions up to and including 2.6.2. Exploitation requires au...

CVE-2024-3994 Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2024-3994 Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attribute...

WordPress Tutor LMS plugin <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'tutorinstructorlist' Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Tutor LMS versions = 2.6.2...

WordPress Tutor LMS Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3994 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c6caadf1e9e Credits wesley wcraft Required privile...

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Tutor LMS – eLearning and online course solution < 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user suppli...

PT-2024-3144 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tutor instructor list' shortcode due to insufficient input sanitization and output escaping on user-supplied...

PT-2024-3145 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to a missing capability check on the hide notices function, which allows unauthorized modification of data. This makes it possible for unauthenticated attackers ...

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...

Tutor LMS Elementor Addons < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVE-2024-29913

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3...

CVE-2024-29913

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3...

CVE-2024-29913 WordPress Tutor LMS Elementor Addons plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3...