Tutor Lms@2.7.6 Security Vulnerabilities and Issues — Tutor Lms@2.7.6 CVE List

Lucene search

ThemeumTutor Lms2.7.6

2 matches found

CVE•added 2024/11/21 11:15 a.m.•94 views

CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauth...

7.5CVSS7.6AI score0.92915EPSS

CVE•added 2024/11/21 11:15 a.m.•46 views

CVE-2024-10393

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the ...

5.3CVSS5.2AI score0.00113EPSS