6 matches found
Tutor LMS <= 2.1.10 - SQL Injection
Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...
CVE-2024-1751
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...
CVE-2024-1751 Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
CVE-2024-1751
Tutor LMS for WordPress is affected by a time-based SQL Injection in the question_id parameter in all versions up to 2.6.1, exploitable by authenticated users with subscriber or higher privileges to extract data. The root cause is insufficient escaping/protection in the SQL query. A fix is availa...
WordPress Tutor LMS Plugin <= 2.6.1 is vulnerable to SQL Injection
Software Tutor LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1751 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3833befb3021 Credits Muhammad Hassham Nagori Required privilege Subscriber...