CVE-2024-10393

5.3 MEDIUM

📋 TL;DR

The Tutor LMS WordPress plugin vulnerability allows unauthenticated attackers to register user accounts even when site registration is disabled. This affects WordPress sites using Tutor LMS version 2.7.6 or earlier. Attackers can create accounts with default site roles, potentially gaining unauthorized access.

💻 Affected Systems

Products:
  • Tutor LMS WordPress Plugin
Versions: Up to and including 2.7.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with Tutor LMS plugin installed and active.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers create administrative accounts, take over the WordPress site, and potentially compromise the entire web server.

🟠 Likely Case: Attackers create multiple user accounts to spam the site, access restricted content, or perform limited malicious activities.

🟢 If Mitigated: If proper role-based access controls exist, attackers only gain low-privilege accounts with minimal impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request to vulnerable endpoint with minimal technical knowledge required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.7

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3186319/tutor

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Tutor LMS and click 'Update Now'.
4. Verify the version is 2.7.7 or higher.

🔧 Temporary Workarounds

Disable Tutor LMS Plugin (platform: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate tutor

Block Registration Endpoint (platform: linux)

Use a web application firewall or .htaccess to block access to the vulnerable endpoint:

RewriteEngine On
RewriteRule ^wp-content/plugins/tutor/.*register_instructor - [F,L]

🧯 If You Can't Patch

  • Implement rate limiting on registration endpoints
  • Enable WordPress user registration approval and monitor new registrations

🔍 How to Verify

Check if Vulnerable:

Check Tutor LMS plugin version in WordPress admin panel under Plugins > Installed Plugins

Check Version:

wp plugin get tutor --field=version

Verify Fix Applied:

Verify Tutor LMS version is 2.7.7 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual user registration spikes
  • Registrations from unexpected IPs
  • Multiple registrations with similar usernames

Network Indicators:

  • POST requests to /wp-content/plugins/tutor/ endpoints with registration parameters

SIEM Query:

source="wordpress.log" AND ("register_instructor" OR "tutor/registration")
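The log and network indicators above can be checked offline against a web server access log. The following script is an added example, not part of this advisory or of Tutor LMS: it parses combined-format access log lines, flags POSTs to Tutor LMS plugin paths that carry the register_instructor / tutor/registration markers listed above, and reports source IPs whose flagged requests form a burst (the "registration spike" indicator). The log lines, request paths and query parameter are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Indicators from the advisory: POSTs under the Tutor LMS plugin path that
# carry the register_instructor / tutor/registration markers.
TUTOR_PATH = re.compile(r"/wp-content/plugins/tutor/")
REG_MARKERS = re.compile(r"register_instructor|tutor/registration")
# Apache/Nginx "combined" format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')

def parse_line(line):
    """Return a dict with ip, ts (datetime), method, path, status, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return entry

def is_registration_attempt(entry):
    """POST to a Tutor LMS path whose URL carries a registration marker."""
    return (entry["method"] == "POST" and bool(TUTOR_PATH.search(entry["path"]))
            and bool(REG_MARKERS.search(entry["path"])))

def find_registration_bursts(lines, window_s=60, threshold=3):
    """Map ip -> largest number of flagged requests seen within window_s seconds,
    for IPs that reached threshold (sliding window over sorted timestamps)."""
    by_ip = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry and is_registration_attempt(entry):
            by_ip[entry["ip"]].append(entry["ts"])
    bursts = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), end - start + 1)
    return bursts

# Constructed sample log (not from a real incident); the ?register_instructor=1 query is illustrative.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Nov/2024:10:00:01 +0000] "POST /wp-content/plugins/tutor/?register_instructor=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Nov/2024:10:00:05 +0000] "POST /wp-content/plugins/tutor/?register_instructor=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Nov/2024:10:00:09 +0000] "POST /wp-content/plugins/tutor/?register_instructor=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Nov/2024:10:00:12 +0000] "POST /wp-content/plugins/tutor/?register_instructor=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Nov/2024:10:03:40 +0000] "POST /wp-content/plugins/tutor/?register_instructor=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Nov/2024:10:00:13 +0000] "GET /wp-content/plugins/tutor/assets/css/tutor.css HTTP/1.1" 200 9000',
    '192.0.2.9 - - [15/Nov/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(find_registration_bursts(SAMPLE_LOG))  # {'203.0.113.5': 4}
```

Because registration parameters usually travel in the POST body rather than the URL, a production version should consume a log that records bodies or WAF events; on a plain access log this catches only marker-bearing URLs.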
