CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24182 – Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question
https://notcve.org/view.php?id=CVE-2021-24182
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. La acción AJAX tutor_quiz_builder_get_answers_by_question del plugin de WordPress Tutor LMS – eLearning and online course solution versiones anteriores a 1.8.3, era vulnerable a una inyección SQL basada en UNION que podía ser explotada por estudiantes • https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24181 – Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
https://notcve.org/view.php?id=CVE-2021-24181
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. La acción AJAX tutor_mark_answer_as_correct del plugin de WordPress Tutor LMS â€" eLearning and online course solution versión anteriores a 1.7.7, era vulnerable a inyecciones SQL ciegas y basadas en tiempo que podrían ser explotadas por estudiantes • https://wpscan.com/vulnerability/d5a00322-7098-4f8d-8e5e-157b63449c17 https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24185 – Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
https://notcve.org/view.php?id=CVE-2021-24185
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. La acción tutor_place_rating AJAX del plugin de WordPress Tutor LMS - eLearning and online course solution versiones anteriores a 1.7.7 era vulnerable a inyecciones SQL ciegas y basadas en tiempo que podían ser explotadas por los estudiantes • https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2 https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24186 – Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id
https://notcve.org/view.php?id=CVE-2021-24186
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. El par de funciones tutor_answering_quiz_question y get_answer_by_id del plugin Tutor LMS - eLearning and online course solution WordPress versiones anteriores a 1.8.3, era vulnerable a una inyección SQL basada en UNION que podría ser explotada por los estudiantes • https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60 https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24184 – Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-24184
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions. Varios endpoints AJAX en el plugin de WordPress Tutor LMS - eLearning and online course solution versiones anteriores a 1.7.7, estaban desprotegidos, permitiendo a los estudiantes modificar la información del curso y elevar sus privilegios entre muchas otras acciones • https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •