2 matches found
CVE-2024-1502
CVE-2024-1502 affects Tutor LMS – eLearning and online course solution for WordPress. The vulnerability is caused by a missing capability check in the function tutor_delete_announcement(), impacting all versions up to and including 2.6.1. This allows authenticated attackers with subscriber-level ...
WordPress Tutor LMS Plugin <= 2.6.1 is vulnerable to Broken Access Control
Software Tutor LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1502 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cc73ea99f391 Credits Lucio Sá Required privilege Subscrib...