CVE-2024-1133 Tutor LMS <= 2.6.0 - Missing Authorization

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attacker...

CVE-2024-1128 Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

CVE-2024-1128 Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

CVE-2024-1128

CVE-2024-1128 affects the WordPress Tutor LMS plugin (versions up to and including 2.6.0). The vulnerability is HTML Injection in the Q&A functionality caused by insufficient sanitization of HTML input, allowing authenticated users with Student-level access and above to inject arbitrary HTML onto...

Tutor LMS < 2.6.1 - Missing Authorization

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...

PT-2024-16914 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.6.0 Description: The issue allows authenticated attackers with subscriber access or higher to interact with questions in courses they a...

PT-2024-16880 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is due to insufficient sanitization of HTML input in the Q&A functionality, making it possible for...

PT-2024-3143 · WordPress · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS plugin for WordPress versions up to, and including, 2.6.1 Description: The issue is related to a missing capability check on the tutor delete announcement function, which can allow authenticated attackers with subscriber-level acces...

PT-2024-3142 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.6.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the erase tutor dat...

CVE-2023-49829

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4...

CVE-2023-49829

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4...

CVE-2023-49829 WordPress Tutor LMS Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4...

CVE-2023-49829

CVE-2023-49829 pertains to the Tutor LMS WordPress plugin (Tutor LMS – eLearning and online course solution) and describes an issue where input is not properly sanitized during web page generation, allowing stored XSS. Affected versions are Tutor LMS

WordPress Plugin Tutor LMS Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

Tutor LMS < 2.3.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Tutor LMS Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49829 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1f03fa341046 Credits emad Required privilege Administrator...

CVE-2023-25990

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10...

CVE-2023-25800

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0...

CVE-2023-25700

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10...