946 matches found
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors. id: CVE-2020-8615 info: name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Reque...
WordPress Tutor LMS <2.0.10 - Cross Site Scripting
WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the resetkey and userid parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the conte...
Tutor LMS <= 2.7.6 - SQL Injection
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Tutor LMS <= 2.1.10 - SQL Injection
Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...
CVE-2026-10736
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-10736 Tutor LMS <= 3.9.11 - Authenticated (Administrator+) SQL Injection via 'data' Parameter
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
EUVD-2026-37846
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-10736
CVE-2026-10736 affects the WordPress plugin Tutor LMS (eLearning and online course solution). All versions up to and including 3.9.11 are vulnerable to a generic SQL Injection via the 'data' parameter due to insufficient escaping and inadequate preparation of the SQL query. This can let an authen...
EUVD-2026-37655
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.11 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by s1kr10s - Nayrox in WordPress Plugin Tutor LMS versions = 3.9.11...
CVE-2026-22332
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
CVE-2026-22332
CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <=3.9.6, with exploitation status not pr...
CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
EUVD-2026-36974
Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...
CVE-2026-40743
Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...
CVE-2026-40743 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...
CVE-2026-40743
CVE-2026-40743 corresponds to an Unauthenticated Broken Access Control in the WordPress Tutor LMS plugin, versions
PT-2026-49409
Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...
CVE-2026-5502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...
CVE-2026-6965
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...