2 matches found
CVE-2026-15022
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2026-15022
The CVE covers Tutor LMS (WordPress) up to version 4.0.0, where a generic SQL Injection via Stored Quiz Answer Array exists due to insufficient escaping and improper query preparation. The vulnerability is stored at quiz-attempt time (wp_ajax_tutor_quiz_abandon) and only executes when a privilege...