
3928 matches found

Cvelist
added 2025/10/27 12:2 p.m. | 9 views

CVE-2025-12270 LearnHouse Student Assignment Submission sub_file resource injection

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper...

CVSS 5.3 | EPSS 0.00047
Exploits: 1 | References: 4

CVE
added 2025/10/27 12:2 p.m. | 8 views

CVE-2025-12270

CVE-2025-12270 affects LearnHouse, impacting the Student Assignment Submission Handler. The vulnerability resides in an unknown function within /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file, causing improper control of resource identifiers. Exploitation can be performed remotely; m...

CVSS 7.5 | AI score 6.3 | EPSS 0.00047
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/27 12:2 p.m. | 4 views

EUVD-2025-36164

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper...

CVSS 5.3 | AI score 6.1 | EPSS 0.00047
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/27 12:2 p.m. | 4 views

CVE-2025-12270 LearnHouse Student Assignment Submission sub_file resource injection

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper...

CVSS 5.3 | AI score 6.3 | EPSS 0.00047
Exploits: 1 | References: 4

Positive Technologies
added 2025/10/27 12:0 a.m. | 4 views

PT-2025-43939

Name of the Vulnerable Software and Affected Versions: LearnHouse (affected versions not specified)
Description: A flaw exists that results in improper control of resource identifiers. This issue is located within the Student Assignment Submission Handler component, specifically affecting an unknown...

CVSS 7.5 | AI score 4.4 | EPSS 0.00047
Exploits: 1 | References: 7

RedhatCVE
added 2025/10/26 6:36 a.m. | 5 views

CVE-2025-6639

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS 5.4 | AI score 5.6 | EPSS 0.00035
Exploits: 0 | References: 1

NVD
added 2025/10/25 6:15 a.m. | 5 views

CVE-2025-6680

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't...

CVSS 4.3 | EPSS 0.00035
Exploits: 0 | References: 2

NVD
added 2025/10/25 6:15 a.m. | 2 views

CVE-2025-6639

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS 5.4 | EPSS 0.00035
Exploits: 0 | References: 2

EUVD
added 2025/10/25 5:31 a.m. | 5 views

EUVD-2025-35911

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS 5.4 | AI score 5.1 | EPSS 0.00035
Exploits: 0 | References: 3

Cvelist
added 2025/10/25 5:31 a.m. | 7 views

CVE-2025-6639 Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS 5.4 | EPSS 0.00035
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/25 5:31 a.m. | 2 views

CVE-2025-6680 Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't...

CVSS 4.3 | AI score 5.3 | EPSS 0.00035
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/25 12:0 a.m. | 4 views

PT-2025-43711

Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro versions prior to 3.8.4
Description: The Tutor LMS Pro plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of proper validation on a user-controlled key when handling assignment...

CVSS 5.4 | AI score 6.3 | EPSS 0.00035
Exploits: 0 | References: 7

RedhatCVE
added 2025/10/24 2:33 p.m. | 3 views

CVE-2025-60220

Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation. This issue affects CouponXxL: from n/a through = 3.0.0...

CVSS 9.8 | AI score 7 | EPSS 0.00064
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 10:16 p.m. | 7 views

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

CVSS 7.2 | AI score 8.1 | EPSS 0.00045
Exploits: 1 | References: 1

CVE
added 2025/10/23 9:58 p.m. | 10 views

CVE-2025-62688

CVE-2025-62688 concerns Productivity Suite software v4.4.1.19, where an incorrect permission assignment for a critical resource enables a user with low-privileged credentials to change their role and gain full control access to the project. The Red Hat, NVD, and other feeds corroborate the same d...

CVSS 7.1 | AI score 6.5 | EPSS 0.00022
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/23 3:14 p.m. | 3 views

CVE-2025-49924

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation. This issue affects Wholesale Suite: from n/a through = 2.2.4.2...

CVSS 7.2 | AI score 7 | EPSS 0.00055
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:13 p.m. | 1 view

CVE-2025-48082

Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation. This issue affects Progress Planner: from n/a through = 1.8.0...

CVSS 8.8 | AI score 7 | EPSS 0.0006
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:13 p.m. | 3 views

CVE-2025-62007

Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation. This issue affects Voice Feedback: from n/a through = 1.0.3...

CVSS 8.8 | AI score 7 | EPSS 0.0006
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:13 p.m. | 3 views

CVE-2025-53428

Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation. This issue affects Simple User Registration: from n/a through = 6.8...

CVSS 8.8 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:13 p.m. | 2 views

CVE-2025-53425

Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation. This issue affects Dokan: from n/a through = 4.1.3...

CVSS 7.2 | AI score 5.9 | EPSS 0.00086
Exploits: 0 | References: 1