The vulnerability of the tutor_instructor_list function in the Tutor LMS plugin for WordPress content management systems allows attackers to perform cross-site scripting attacks.

The vulnerability of the tutorinstructorlist function in the Tutor LMS plugin for WordPress content management systems is related to the lack of protective measures for website structures. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

WordPress Tutor LMS plugin <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'tutorinstructorlist' Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Tutor LMS versions = 2.6.2...

PT-2024-3144 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tutor instructor list' shortcode due to insufficient input sanitization and output escaping on user-supplied...

WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-25990 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f1abc8ca80b8 Credits Rafie Muhammad Patchstack Required privilege Tutor...