110 matches found
CVE-2024-1502
CVE-2024-1502 affects Tutor LMS – eLearning and online course solution for WordPress. The vulnerability is caused by a missing capability check in the function tutor_delete_announcement(), impacting all versions up to and including 2.6.1. This allows authenticated attackers with subscriber-level ...
Tutor LMS – eLearning and online course solution < 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Description: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attacker...
elearning.set.or.th Cross Site Scripting vulnerability OBB-3868440
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Design/Logic Flaw
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attacker...
Academy LMS – eLearning and online course solution for WordPress < 1.9.20 - Authenticated (Subscriber+) Privilege Escalation
Description: The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to the plugin allowing arbitrary user meta updates through the saveduserinfo function. This makes it...
CVE-2024-1133
The Tutor LMS WordPress plugin (versions up to and including 2.6.0) is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions. Authenticated users with subscriber access or higher can interact with questions in courses they are...
Tutor LMS < 2.6.1 - Missing Authorization
Description: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...
elearning.ice.ntnu.edu.tw Cross Site Scripting vulnerability OBB-3828434
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4...
CVE-2023-49829
CVE-2023-49829 pertains to the Tutor LMS WordPress plugin (Tutor LMS – eLearning and online course solution) and describes an issue where input is not properly sanitized during web page generation, allowing stored XSS. Affected versions are Tutor LMS
LifterLMS < 7.5.0 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion
Description: The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and abov...
CVE-2023-6160
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read t...
CVE-2023-6160
The CVE-2023-6160 issue affects the LifterLMS WordPress plugin (versions up to 7.4.2). The root cause is a Directory Traversal in the maybe_serve_export function, allowing authenticated users with administrator or LMS manager access to read arbitrary server CSV files and to remove those files. Ex...
elearning.ethos.ae Cross Site Scripting vulnerability OBB-3751449
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
elearning.com.ui.edu.ng Open Redirect vulnerability OBB-3747538
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
elearning.lipor.pt Open Redirect vulnerability OBB-3743167
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
elearning.aatt.edu.au Cross Site Scripting vulnerability OBB-3712344
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
elearning.pioneergirlsjunioracademy.co.ke Cross Site Scripting vulnerability OBB-3711647
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
elearning.fsdafrica.org Cross Site Scripting vulnerability OBB-3711106
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress LMS Plugin – eLearning, Online Courses by Attest Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
Software: LMS Plugin – eLearning, Online Courses by Attest; Type: Plugin; Vulnerable versions: <= 1.7.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 3780cc3e494d; Credits...