20 matches found
CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...
CVE-2026-5502
The Tutor LMS WordPress plugin (versions up to 3.9.8) is affected by an authorization flaw in tutor_update_course_content_order that allows authenticated subscribers (and higher) to manipulate course content without proper permission checks. The code only validates CSRF via nonce and only runs ca...
CVE-2026-5502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...
CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...
WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability
Authenticated Subscriber+ Arbitrary Course Content Manipulation via tutorupdatecoursecontentorder vulnerability discovered by momopon1415 in WordPress Plugin Tutor LMS versions = 3.9.8...
PT-2026-33405
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutor update course content order function. The function only validates th...
WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions = 3.9.7...
CVE-2026-3371
The Tutor LMS WordPress plugin (versions ≤ 3.9.7) is vulnerable to Insecure Direct Object Reference due to missing authorization checks in the private save_course_content_order() method, which is called unconditionally by the tutor_update_course_content_order AJAX handler. Attackers with Subscrib...
CVE-2026-3371 Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...
EUVD-2026-21615
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...
CVE-2026-3371
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...
CVE-2026-3371 Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...
PT-2026-32085
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the save course content order private method, which is called unconditionally by...
WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-13964
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catchlpajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...
PT-2026-1425
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to and including 4.3.2 Description The LearnPress – WordPress LMS Plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the catch l...
EUVD-2018-8759
Malware in sbrugna...
CVE-2024-1463
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...
Design/Logic Flaw
Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to access non-purchased course contents quiz / test via a modified id parameter...