307 matches found
PT-2024-25146 · Sourcecodester · Sourcecodester Elearning System
Name of the Vulnerable Software and Affected Versions: SourceCodester eLearning System version 1.0 Description: A vulnerability was found in the SourceCodester eLearning System, affecting some unknown functionality. The manipulation of the page argument leads to cross-site scripting. The attack m...
CVE-2024-0377
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...
Design/Logic Flaw
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...
CVE-2024-1751
Tutor LMS for WordPress is affected by a time-based SQL Injection in the question_id parameter in all versions up to 2.6.1, exploitable by authenticated users with subscriber or higher privileges to extract data. The root cause is insufficient escaping/protection in the SQL query. A fix is availa...
CVE-2024-0377 LifterLMS – WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...
CVE-2024-0377
The CVE concerns LifterLMS – WordPress LMS Plugin for eLearning (versions
CVE-2024-1505
CVE-2024-1505 affects the Academy LMS plugin for WordPress (
CVE-2024-1502
CVE-2024-1502 affects Tutor LMS – eLearning and online course solution for WordPress. The vulnerability is caused by a missing capability check in the function tutor_delete_announcement(), impacting all versions up to and including 2.6.1. This allows authenticated attackers with subscriber-level ...
Tutor LMS – eLearning and online course solution < 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Description: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attacker...
elearning.set.or.th Cross Site Scripting vulnerability OBB-3868440
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Design/Logic Flaw
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attacker...
Academy LMS – eLearning and online course solution for WordPress < 1.9.20 - Authenticated (Subscriber+) Privilege Escalation
Description: The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to the plugin allowing arbitrary user meta updates through the saveduserinfo function. This makes it...
CVE-2024-1133
The Tutor LMS WordPress plugin (versions up to and including 2.6.0) is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions. Authenticated users with subscriber access or higher can interact with questions in courses they are...
Tutor LMS < 2.6.1 - Missing Authorization
Description: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...
elearning.ice.ntnu.edu.tw Cross Site Scripting vulnerability OBB-3828434
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-49829
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4...
CVE-2023-49829
CVE-2023-49829 pertains to the Tutor LMS WordPress plugin (Tutor LMS – eLearning and online course solution) and describes an issue where input is not properly sanitized during web page generation, allowing stored XSS. Affected versions are Tutor LMS
LifterLMS < 7.5.0 - Authenticated (Administrator+) Directory Traversal to Arbitrary CSV File Deletion
Description: The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybeserveexport function. This makes it possible for authenticated attackers, with administrator or LMS manager access and abov...