4 matches found
CVE-2024-5784
CVE-2024-5784 (Tutor LMS Pro, WordPress) shows a vulnerability where missing capability checks in multiple functions (treport_quiz_atttempt_delete, tutor_gc_class_action) allow an authenticated user with subscriber-level access or higher to perform unauthorized administrative actions (e.g., delet...
CVE-2024-5784 Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treportquizatttemptdelete and tutorgcclassaction in all versions up to, and including, 2.7.2. This makes it possible for authenticate...
CVE-2024-5784 Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treportquizatttemptdelete and tutorgcclassaction in all versions up to, and including, 2.7.2. This makes it possible for authenticate...
WordPress Tutor LMS Pro Plugin <= 2.7.2 is vulnerable to Broken Access Control
Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5784 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53b4f2fddbc0 Credits Thanh Nam Tran Required...