Lucene search
K

6 matches found

Nuclei
Nuclei
added 13 hours ago11 views

Tutor LMS <= 2.1.10 - SQL Injection

Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...

8.8CVSS7.4AI score0.03135EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 5:25 a.m.7 views

CVE-2024-1751

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

8.8CVSS8.7AI score0.03135EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/04/03 5:11 a.m.103 views

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...

9.8CVSS10AI score0.18402EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/03/13 3:27 p.m.13 views

CVE-2024-1751 Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

8.8CVSS7.4AI score0.03135EPSS
Exploits0References3
CVE
CVE
added 2024/03/13 3:27 p.m.55 views

CVE-2024-1751

Tutor LMS for WordPress is affected by a time-based SQL Injection in the question_id parameter in all versions up to 2.6.1, exploitable by authenticated users with subscriber or higher privileges to extract data. The root cause is insufficient escaping/protection in the SQL query. A fix is availa...

8.8CVSS9AI score0.03135EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/03/12 12:0 a.m.9 views

WordPress Tutor LMS Plugin <= 2.6.1 is vulnerable to SQL Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1751 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3833befb3021 Credits Muhammad Hassham Nagori Required privilege Subscriber...

8.8CVSS7.2AI score0.03135EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder