Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2024/05/16 5:33 a.m.20 views

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

6.5CVSS6.7AI score0.00418EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/16 5:33 a.m.24 views

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

6.5CVSS6.8AI score0.00418EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/16 12:0 a.m.16 views

WordPress Tutor LMS Plugin <= 2.7.0 is vulnerable to Insecure Direct Object References (IDOR)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4279 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID b3b3270c166a Credits Thanh Nam Tran...

6.5CVSS6.5AI score0.00418EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder