2 matches found
The vulnerability of the erase_tutor_data() function in the Tutor plugin for the WordPress content management system allows a hacker to perform a CSRF attack.
The vulnerability of the erasetutordata function in the Tutor plugin of the WordPress content management system is related to the,nonce。, CSRF 。...
CVE-2024-1503
CVE-2024-1503 affects Tutor LMS – eLearning and online course solution (WordPress) up to version 2.6.1. Root cause: missing/incorrect nonce validation in erase_tutor_data(), enabling CSRF. Impact: unauthenticated attackers can deactivate the plugin and erase data via forged requests if the "Erase...