Lucene search
+L

4 matches found

NVD
NVD
added 2024/06/07 1:15 p.m.33 views

CVE-2024-5438

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/07 12:33 p.m.32 views

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00343EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/07 12:33 p.m.12 views

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.7AI score0.00343EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/06/07 12:0 a.m.20 views

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04944e6bcf56 Credits Thanh Nam Tran...

4.3CVSS6.5AI score0.00343EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder