CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3553 – Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update
https://notcve.org/view.php?id=CVE-2024-3553
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled. El complemento Tutor LMS – eLearning and online course solution para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función hide_notices en todas las versiones hasta la 2.6.2 incluida. Esto hace posible que atacantes no autenticados habiliten el registro de usuarios en sitios que pueden tenerlo deshabilitado. • https://plugins.trac.wordpress.org/changeset/3076302/tutor/tags/2.7.0/classes/User.php https://www.wordfence.com/threat-intel/vulnerabilities/id/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc?source=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3994 – Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode
https://notcve.org/view.php?id=CVE-2024-3994
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Tutor LMS – eLearning and online course solution para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del código corto 'tutor_instructor_list' del complemento en todas las versiones hasta la 2.6.2 incluida debido a una sanitización de entrada insuficiente y a un escape de salida proporcionado por el usuario. atributos. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/changeset/3076302/tutor/tags/2.7.0/templates/shortcode/instructor-filter.php https://www.wordfence.com/threat-intel/vulnerabilities/id/324fc401-04ca-4707-8727-b8c3a66f7fd6?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1503 – Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase
https://notcve.org/view.php?id=CVE-2024-1503
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This requires the "Erase upon uninstallation" option to be enabled. El complemento Tutor LMS – eLearning and online course solution para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.6.1 incluida. • https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Admin.php#L465 https://www.wordfence.com/threat-intel/vulnerabilities/id/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1502 – Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
https://notcve.org/view.php?id=CVE-2024-1502
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. El complemento Tutor LMS – eLearning and online course solution para WordPress es vulnerable a la pérdida no autorizada de datos debido a una falta de verificación de capacidad en la función tutor_delete_announcement() en todas las versiones hasta la 2.6.1 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen publicaciones arbitrarias. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/834c4ca9-7173-4c84-8287-9916ec72935d?source=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1751 – Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-1751
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento Tutor LMS – eLearning and online course solution para WordPress es vulnerable a la inyección SQL basada en tiempo a través del parámetro question_id en todas las versiones hasta la 2.6.1 incluida debido a un escape insuficiente en el parámetro proporcionado por el usuario y a la falta de preparación suficiente. en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de suscriptor/estudiante o superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer información confidencial de la base de datos. • https://plugins.trac.wordpress.org/browser/tutor/tags/2.6.1/classes/Utils.php#L4555 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •