CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4902 – Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-4902
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento Tutor LMS – eLearning and online course solution para WordPress es vulnerable a la inyección SQL basada en tiempo a través del parámetro 'course_id' en todas las versiones hasta la 2.7.1 incluida debido a un escape insuficiente en el parámetro proporcionado por el usuario y a la falta de suficiente preparación en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de administrador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer información confidencial de la base de datos. The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L1936 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3098465%40tutor%2Ftrunk&old=3086489%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file8 https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5438 – Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
https://notcve.org/view.php?id=CVE-2024-5438
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Instructor-level access and above, to delete arbitrary quiz attempts. El complemento Tutor LMS – eLearning and online course solution para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 2.7.1 incluida a través de la función 'attempt_delete' debido a la falta de validación en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de instructor y superior, eliminen intentos de cuestionarios arbitrarios. • https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Quiz.php#L1806 https://plugins.trac.wordpress.org/changeset/3098465 https://www.wordfence.com/threat-intel/vulnerabilities/id/00ec14d4-d97b-40b1-b61b-05e911f49bb0?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4279 – Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
https://notcve.org/view.php?id=CVE-2024-4279
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course. • https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course_List.php#L357 https://plugins.trac.wordpress.org/changeset/3086489 https://www.wordfence.com/threat-intel/vulnerabilities/id/45d04643-e43a-4732-91bf-e4af7b622e33?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4318 – Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-4318
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4456 https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4575 https://plugins.trac.wordpress.org/changeset/3086489 https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4223 – Tutor LMS <= 2.7.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-4223
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data. El complemento Tutor LMS para WordPress es vulnerable al acceso no autorizado a datos, modificación de datos, pérdida de datos debido a una falta de verificación de capacidad en múltiples funciones en todas las versiones hasta la 2.7.0 inclusive. Esto hace posible que atacantes no autenticados agreguen, modifiquen o eliminen datos. • https://plugins.trac.wordpress.org/changeset/3086489 https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve • CWE-862: Missing Authorization •