CVE-2021-24184 – Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-24184
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected (the handlers performed no authorization check on the caller), allowing students to modify course information and elevate their privileges, among many other actions.
References:
• https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e
• https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin
Weaknesses: CWE-269: Improper Privilege Management; CWE-862: Missing Authorization
CVE-2020-8615 – Tutor LMS < 1.5.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-8615
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). The Exploit-DB and Packet Storm entries are titled "WordPress Tutor LMS 1.5.3 - Cross-Site Request Forgery"; the CVE description gives the affected range as versions before 1.5.3, and the vendor link below is for the 1.5.3 update that shipped the fix.
References:
• https://www.exploit-db.com/exploits/48151
• http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
• https://wpvulndb.com/vulnerabilities/10058
• https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin
• https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms
• https://www.themeum.com/tutor-lms-updated-v1-5-3
Weaknesses: CWE-352: Cross-Site Request Forgery (CSRF)
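Both advisories describe the same class of defect in a WordPress plugin's admin-ajax.php handlers: a state-changing action that does not verify a nonce, so a logged-in victim can be made to send it (CWE-352, the 1.5.3 fix), or that does not check what the caller is allowed to do, so a student can call it directly (CWE-862, the 1.7.7 fix). The PHP below is an added illustration written for this page, not Tutor LMS code; the action names, option keys, script handle and the choice of `manage_options` as the approving capability are all hypothetical. It shows a handler with neither check beside the hardened form that applies both, plus an object-level check for a per-course edit, using only WordPress core functions.

```php
<?php
// Added illustration for this page; not Tutor LMS code. Every action name,
// option key and capability below is a hypothetical choice for the example.

// Shared state change: move $user_id from the pending list to the instructor list.
// Returns false when the user was not pending.
function example_lms_move_to_instructors( $user_id ) {
    $pending = (array) get_option( 'example_lms_pending_instructors', array() );
    if ( ! in_array( $user_id, $pending, true ) ) {
        return false;
    }
    update_option( 'example_lms_pending_instructors',
        array_values( array_diff( $pending, array( $user_id ) ) ) );
    $approved   = (array) get_option( 'example_lms_instructors', array() );
    $approved[] = $user_id;
    update_option( 'example_lms_instructors', array_values( array_unique( $approved ) ) );
    return true;
}

// --- Vulnerable pattern (both CWEs at once) -------------------------------
// No nonce: a page on any origin can POST this form with the victim's cookies.
// No capability check: a student POSTs their own user_id and is approved.
function example_lms_approve_instructor_unprotected() {
    $user_id = absint( $_POST['user_id'] ?? 0 );
    example_lms_move_to_instructors( $user_id );
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
// wp_ajax_nopriv_ additionally exposes the handler to anonymous callers.
add_action( 'wp_ajax_example_lms_approve_instructor_legacy', 'example_lms_approve_instructor_unprotected' );
add_action( 'wp_ajax_nopriv_example_lms_approve_instructor_legacy', 'example_lms_approve_instructor_unprotected' );

// --- Hardened form ---------------------------------------------------------
function example_lms_approve_instructor_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this action and this
    //    user. check_ajax_referer() rejects the request if it is missing or stale.
    check_ajax_referer( 'example_lms_approve_instructor', 'nonce' );

    // 2. Authorization: a nonce proves intent, not permission. A student's own
    //    nonce is perfectly valid, so only this check stops self-approval.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input validation after the security checks.
    $user_id = absint( $_POST['user_id'] ?? 0 );
    if ( 0 === $user_id || ! get_userdata( $user_id ) ) {
        wp_send_json_error( array( 'message' => 'invalid user' ), 400 );
    }
    if ( ! example_lms_move_to_instructors( $user_id ) ) {
        wp_send_json_error( array( 'message' => 'user is not pending' ), 409 );
    }
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
// Logged-in users only: deliberately no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_example_lms_approve_instructor', 'example_lms_approve_instructor_hardened' );

// Object-level authorization for an endpoint students may legitimately reach:
// editing a course they own. The edit_post meta capability resolves to the
// course's author (or an editor), so a student cannot rename someone else's course.
function example_lms_update_course_title() {
    check_ajax_referer( 'example_lms_update_course', 'nonce' );
    $course_id = absint( $_POST['course_id'] ?? 0 );
    if ( 0 === $course_id || ! current_user_can( 'edit_post', $course_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    if ( '' === $title ) {
        wp_send_json_error( array( 'message' => 'empty title' ), 400 );
    }
    wp_update_post( array( 'ID' => $course_id, 'post_title' => $title ) );
    wp_send_json_success( array( 'course_id' => $course_id, 'title' => $title ) );
}
add_action( 'wp_ajax_example_lms_update_course', 'example_lms_update_course_title' );

// Minting the nonces for the page's JavaScript (hypothetical script handle).
function example_lms_enqueue_scripts() {
    wp_enqueue_script( 'example-lms', plugins_url( 'example-lms.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-lms', 'exampleLms', array(
        'ajaxUrl'      => admin_url( 'admin-ajax.php' ),
        'approveNonce' => wp_create_nonce( 'example_lms_approve_instructor' ),
        'courseNonce'  => wp_create_nonce( 'example_lms_update_course' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_lms_enqueue_scripts' );
```

The two checks in the hardened handler map onto the two CVEs independently: the nonce alone closes the cross-site path but still lets any logged-in student call the action with a nonce the site issued to them, which is the missing-authorization class above; the capability check alone stops escalation but leaves an administrator exposed to a forged request. When auditing a plugin, grep every `wp_ajax_` and `wp_ajax_nopriv_` registration and confirm the callback reaches `check_ajax_referer()` (or `wp_verify_nonce()`) and a `current_user_can()` test before it touches state; a `nopriv_` registration on a state-changing action is a finding on its own.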