CVE-2023-49829

CVE-2023-49829 pertains to the Tutor LMS WordPress plugin (Tutor LMS – eLearning and online course solution) and describes an issue where input is not properly sanitized during web page generation, allowing stored XSS. Affected versions are Tutor LMS

WordPress path traversal vulnerability (CNVD-2021-44306)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in WordPress plugin online course solution versions prior to...

CVE-2021-24184 Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

CVE-2021-24185

The CVE-2021-24185 affects the Tutor LMS WordPress plugin prior to version 1.7.7. The vulnerability lies in the tutor_place_rating AJAX action, where blind and time-based SQL injections allow exploitation by a student attacker. Impact, as stated, is exposure of data through SQL injection; exploit...