WordPress Tutor LMS plugin <= 1.9.12 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Tutor LMS plugin versions = 1.9.12. Solution Update the WordPress Tutor LMS plugin to the latest available version at least 1.9.13...

WordPress Tutor LMS plugin <= 1.9.11 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by creadpag in WordPress Tutor LMS plugin versions = 1.9.11. Solution Update the WordPress Tutor LMS plugin to the latest available version at least 1.9.12...

Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting

The plugin does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=tutorannouncements=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D...

WordPress Tutor LMS plugin <= 1.9.11 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Tutor LMS plugin versions = 1.9.11. Solution Update the WordPress Tutor LMS plugin to the latest available version at least 1.9.12...

Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting

The plugin does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=tutorannouncements&search=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D...

Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting

The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile As a subscriber, edit your profile and add the following payload in the Job Tit...

Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting

The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile PoC As a subscriber, edit your profile and add the following payload in the Job...

CVE-2021-24873

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue...

CVE-2021-24873

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue...

CVE-2021-24873 Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue...

CVE-2021-24873

The CVE-2021-24873 entry relates to the Tutor LMS WordPress plugin (before 1.9.11) and a Reflected Cross-Site Scripting issue on the Student Registration page caused by insufficient sanitisation/escaping of user input in output attributes. Affected component: Tutor LMS plugin for WordPress; root ...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Tutor LMS, which stems from a lack of prope...

WordPress Tutor LMS plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Tutor LMS plugin in versions prior to 1.9.9 has a cross-site scripting vulnerability, which stems from the plugin's...

WordPress Tutor LMS plugin <= 1.9.10 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Tutor LMS plugin versions = 1.9.10. Solution Update the WordPress Tutor LMS plugin to the latest available version at least 1.9.11...

Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/student-registration/?userlogin="...

Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue https://example.com/student-registration/?userlogin="alert/XSS/...

Cross site scripting

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24740 Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24740

The CVE-2021-24740 entry concerns the Tutor LMS WordPress plugin, affected versions prior to 1.9.9. The vulnerability is a stored Cross-Site Scripting (XSS) flaw where certain settings are output in HTML attributes without proper escaping, enabling high-privilege users to trigger XSS potentially ...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Tutor LMS plugin in versions prior to 1.9.9 has a cross-site scripting vulnerability, which stems from the plugin's...