185 matches found
CVE-2024-43955
CVE-2024-43955: Droip (WordPress plugin)
CVE-2024-43954
CVE-2024-43954 corresponds to a Themeum Droip vulnerability in WordPress. Connected sources show an ACL/authorization bypass for Droip allowing access to constrained functionality, affecting Droip versions up to 1.1.1. The Wordfence data explicitly references an Unauthenticated Arbitrary File Del...
PT-2024-30816 · Themeum · Themeum Droip
Name of the Vulnerable Software and Affected Versions: Themeum Droip versions 1.1.1 and earlier Description: The issue is related to an Incorrect Authorization vulnerability, allowing users to access functionality not properly constrained by Access Control Lists ACLs. This means that certain...
PT-2024-30817 · Themeum · Themeum Droip
Name of the Vulnerable Software and Affected Versions: Themeum Droip versions 1.1.1 and earlier Description: The issue affects Themeum Droip, allowing file manipulation due to improper limitation of a pathname to a restricted directory. This is a Path Traversal vulnerability, enabling unauthorize...
CVE-2024-39645
Cross-Site Request Forgery CSRF vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...
CVE-2024-39645
Cross-Site Request Forgery CSRF vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...
CVE-2024-39645
CVE-2024-39645 is a CSRF vulnerability in WordPress Tutor LMS
CVE-2024-39645 WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...
CVE-2024-43282
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...
CVE-2024-43282
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...
CVE-2024-43282
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...
CVE-2024-43282 WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...
CVE-2024-43282
CVE-2024-43282 is an SQL injection vulnerability in Tutor LMS (authenticated, Administrator+ access) that affects Tutor LMS versions up to and including 2.7.2. Root cause is improper neutralization of input elements in an SQL command. The vulnerability is actively tracked with a patched status, a...
CVE-2024-43231
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3...
CVE-2024-43231
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3...
CVE-2024-43231
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3...
CVE-2024-43231 WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3...
CVE-2024-43231 WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3...
CVE-2024-43231
CVE-2024-43231 is a stored XSS in Tutor LMS (WordPress plugin) via improper neutralization of input during web page generation. Affected: Tutor LMS versions up to 2.7.3. The issue arises from inadequate sanitization of user-supplied content that is later embedded in web pages, enabling stored Cro...
CVE-2024-37947
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2...