📦 Tutor LMS

by Themeum

⚠️ Known Vulnerabilities

CVE-2024-4223

CRITICAL CVSS 9.8 May 16, 2024

The Tutor LMS WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to add, modify, or delete data. This affects all versions up to and including 2.7.0. A...

CVE-2024-10400

HIGH CVSS 7.5 Nov 21, 2024

This SQL injection vulnerability in the Tutor LMS WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the 'rating_filter' parameter. Attackers can extract sensiti...

CVE-2024-5784

HIGH CVSS 7.1 Aug 30, 2024

The Tutor LMS Pro WordPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or higher to perform administrative actions. This includes ...

CVE-2024-37256

HIGH CVSS 7.6 Jul 9, 2024

This SQL injection vulnerability in the Tutor LMS WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all Tutor LMS installations up to version 2.7.1. Attackers...

CVE-2023-25799

HIGH CVSS 8.3 Jun 11, 2024

CVE-2023-25799 is a missing authorization vulnerability in the Tutor LMS WordPress plugin that allows unauthorized users to access student data and perform actions they shouldn't be able to. This affe...

CVE-2024-4902

HIGH CVSS 7.2 Jun 7, 2024

This vulnerability in the Tutor LMS WordPress plugin allows authenticated attackers with admin-level access to perform time-based SQL injection attacks via the 'course_id' parameter. Attackers can extract...

CVE-2024-4352

HIGH CVSS 8.8 May 16, 2024

This vulnerability in the Tutor LMS Pro WordPress plugin allows authenticated attackers with subscriber-level permissions or higher to bypass authorization checks and execute SQL injection attacks. Attack...

CVE-2024-4222

HIGH CVSS 7.3 May 16, 2024

The Tutor LMS Pro WordPress plugin up to version 2.7.0 lacks proper capability checks on multiple functions, allowing unauthenticated attackers to add, modify, or delete user metadata and plugin setti...

CVE-2024-4318

HIGH CVSS 8.8 May 16, 2024

This vulnerability allows authenticated attackers with Instructor-level permissions or higher in Tutor LMS for WordPress to perform time-based SQL injection attacks via the 'question_id' parameter. At...

CVE-2024-1751

HIGH CVSS 8.8 Mar 13, 2024

This vulnerability in the Tutor LMS WordPress plugin allows authenticated attackers with subscriber/student access or higher to perform time-based SQL injection attacks via the question_id parameter. Atta...

CVE-2023-25800

HIGH CVSS 8.8 Nov 3, 2023

This SQL injection vulnerability in the Tutor LMS WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all Tutor LMS installations up to version 2.2.0, poten...

CVE-2023-3133

HIGH CVSS 7.5 Jul 4, 2023

This vulnerability allows unauthenticated attackers to access private lesson information in the Tutor LMS WordPress plugin. WordPress sites using Tutor LMS versions before 2.2.1 are affected. The issue st...

CVE-2021-24184

HIGH CVSS 8.8 Apr 5, 2021

This vulnerability in the Tutor LMS WordPress plugin allows students to access unprotected AJAX endpoints, enabling them to modify course information and escalate privileges. It affects WordPress sites us...

CVE-2025-6680

MEDIUM CVSS 4.3 Oct 25, 2025

The Tutor LMS WordPress plugin up to version 3.8.3 contains an access control vulnerability that allows authenticated users with tutor-level permissions or higher to view assignments from courses they...

CVE-2025-11564

MEDIUM CVSS 5.3 Oct 25, 2025

This vulnerability in the Tutor LMS WordPress plugin allows unauthenticated attackers to bypass payment verification by forging webhook requests with 'recurring' payment_type. Attackers can mark orders as...

CVE-2024-10393

MEDIUM CVSS 5.3 Nov 21, 2024

This vulnerability in the Tutor LMS WordPress plugin allows unauthenticated attackers to register user accounts even when site registration is disabled. This affects WordPress sites using Tutor LMS version 2....

CVE-2024-43231

MEDIUM CVSS 6.5 Aug 12, 2024

A stored cross-site scripting (XSS) vulnerability in the Tutor LMS WordPress plugin allows attackers to inject malicious scripts into web pages. When users view affected pages, the scripts execute in ...

CVE-2024-37947

MEDIUM CVSS 5.9 Jul 20, 2024

This stored cross-site scripting (XSS) vulnerability in the Tutor LMS WordPress plugin allows attackers to inject malicious scripts into web pages. When users view affected pages, the scripts execute ...

CVE-2024-37266

MEDIUM CVSS 4.9 Jul 9, 2024

This path traversal vulnerability in the Tutor LMS WordPress plugin allows attackers to access files outside the intended directory. It affects all Tutor LMS installations from unknown versions up to 2.7....

CVE-2024-5438

MEDIUM CVSS 4.3 Jun 7, 2024

This vulnerability in the Tutor LMS WordPress plugin allows authenticated attackers with Instructor-level access or higher to delete arbitrary quiz attempts due to insufficient validation of user-controll...

CVE-2024-4279

MEDIUM CVSS 6.5 May 16, 2024

This vulnerability in the Tutor LMS WordPress plugin allows authenticated attackers with Instructor-level permissions or higher to delete any course without proper authorization. It affects WordPress site...

CVE-2024-3553

MEDIUM CVSS 6.5 May 2, 2024

This vulnerability in the Tutor LMS WordPress plugin allows unauthenticated attackers to enable user registration on WordPress sites where it was previously disabled. It affects all Tutor LMS plugin versi...