946 matches found
Design/Logic Flaw
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...
CVE-2023-3133 Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...
CVE-2023-3133
The CVE-2023-3133 entry concerns the Tutor LMS WordPress plugin (pre-2.2.1) where REST API endpoints do not perform adequate permission checks, allowing unauthenticated access to information from Lessons that should not be publicly available. Affected product: Tutor LMS WordPress plugin; vulnerab...
WordPress plugin Tutor LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-23292 · WordPress · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS WordPress plugin versions prior to 2.2.1. Description: The issue concerns inadequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly availabl...
WordPress Tutor LMS Plugin < 2.2.1 is vulnerable to Broken Access Control
Software: Tutor LMS; Type: Plugin; Vulnerable versions: < 2.2.1; Fixed in: 2.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3133; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 46e68bdc901b; Credits: A. S. M. Muhiminul Hasan; Required...
Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
The plugin does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. 1. Create a new Course, add a Topic, and add a Lesson to the Topic. 2. In Tutor LMS Settings Course, ensure...
Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
The plugin does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. PoC 1. Create a new Course, add a Topic, and add a Lesson to the Topic. 2. In Tutor LMS Settings Course,...
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.1.10; Fixed in: 2.2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-25990; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: f1abc8ca80b8; Credits: Rafie Muhammad Patchstack; Required privilege: Tutor...
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.1.10; Fixed in: 2.2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-25700; Patch priority: High; CVSS severity: High 8.2; Developer: Claim ownership; PSID: a985405069a7; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.2.0; Fixed in: 2.2.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-25800; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 098051db4335; Credits: Rafie Muhammad Patchstack; Required privilege: Student...
WordPress Tutor LMS Plugin <= 2.1.8 is vulnerable to Broken Access Control
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.1.8; Fixed in: 2.1.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25799; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: c5a261a00ca9; Credits: Rafie Muhammad Patchstack; Require...
MediaWiki authorization error vulnerability (CNVD-2023-29701)
MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation, which can be used to deploy in-house knowledge management and content management systems. An authorization error vulnerability exists in the MediaWiki GrowthExperiments extension, which could be exploited by ...
CVE-2023-0236
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the resetkey and userid parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the resetkey and userid parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0236
CVE-2023-0236 corresponds to a reflected XSS in the WordPress Tutor LMS plugin prior to 2.0.10. The vulnerability stems from failure to sanitize and escape reset_key and user_id when echoing them back in attributes, enabling an attacker to inject scripts into the browser of an authenticated user ...
WordPress plugin Tutor LMS cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Tutor LMS Plugin < 2.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: Tutor LMS; Type: Plugin; Vulnerable versions: < 2.0.10; Fixed in: 2.0.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0236; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 18dcd075ba54; Credits: So Sakaguchi; Required...