CVE-2025-32809

W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...

CVE-2024-4318

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘questionid’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

The vulnerability of the Tutor LMS plugin for the WordPress content management system allows a hacker to execute arbitrary SQL queries and gain unauthorized access to protected information.

The vulnerability of the Tutor LMS plugin for the WordPress content management system is related to the lack of protection for the SQL query structure when processing the questionid parameter. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries and gain unauthorized...

PT-2024-3141

Name of the Vulnerable Software and Affected Versions Tutor LMS versions up to, and including, 2.6.1 Description The issue is related to a SQL Injection vulnerability due to insufficient protection of the SQL query structure when handling the question id parameter. This allows a remote attacker t...

CVE-2022-38260

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=...