Lucene search
K

4 matches found

EUVD
EUVD
added 2026/04/10 3:31 a.m.4 views

EUVD-2026-21257

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...

7.5CVSS5.9AI score0.00615EPSS
Exploits0References7
CVE
CVE
added 2026/04/10 1:24 a.m.23 views

CVE-2026-3360

The CVE concerns Tutor LMS for WordPress, affecting all versions up to 3.9.7. The root cause is an Insecure Direct Object Reference in pay_incomplete_order(), which accepts an attacker-controlled order_id and uses it to fetch order data, then overwrites the order owner’s billing fields (name, ema...

7.5CVSS5.9AI score0.00615EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/10 1:24 a.m.4 views

CVE-2026-3360 Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References6
Rows per page
Query Builder