946 matches found
CVE-2024-29913
CVE-2024-29913 is an improper input handling vulnerability causing Stored XSS in Tutor LMS Elementor Addons (Themeum). Affected: Tutor LMS Elementor Addons up to 2.1.3. Root cause: improper neutralization of input during web page generation. Impact: stored XSS. Remediation/patch details are not p...
CVE-2024-29913 WordPress Tutor LMS Elementor Addons plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3...
WordPress Plugin Tutor LMS Elementor Addons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-23135 · Unknown · Tutor Lms Elementor Addons
Name of the Vulnerable Software and Affected Versions: Tutor LMS Elementor Addons versions prior to 2.1.4 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...
WordPress Tutor LMS Elementor Addons Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Tutor LMS Elementor Addons Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29913 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e4c6cc14b103 Credits Khalid Yusuf Required...
CVE-2024-1503
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erasetutordata function. This makes it possible for unauthenticated...
CVE-2024-1502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutordeleteannouncement function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with...
CVE-2024-1502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutordeleteannouncement function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with...
CVE-2024-1503
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erasetutordata function. This makes it possible for unauthenticated...
WordPress Plugin Tutor LMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Tutor LMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza, ...
CVE-2024-1751
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
CVE-2024-1751
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
Sql injection
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
CVE-2024-1751 Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
CVE-2024-1751 Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
CVE-2024-1751
Tutor LMS for WordPress is affected by a time-based SQL Injection in the question_id parameter in all versions up to 2.6.1, exploitable by authenticated users with subscriber or higher privileges to extract data. The root cause is insufficient escaping/protection in the SQL query. A fix is availa...
WordPress Plugin Tutor LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
CVE-2024-1502 Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutordeleteannouncement function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with...