Themeum

Tutor Lms

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-43231

  • EPSS 0.25%
  • Veröffentlicht 12.08.2024 21:15:32
  • Zuletzt bearbeitet 22.01.2025 22:10:37

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3.

4.8

CVE-2024-37947

  • EPSS 0.21%
  • Veröffentlicht 20.07.2024 09:15:06
  • Zuletzt bearbeitet 03.02.2025 15:36:35

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2.

7.2

CVE-2024-37266

  • EPSS 1.01%
  • Veröffentlicht 09.07.2024 10:15:04
  • Zuletzt bearbeitet 21.11.2024 09:23:30

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.

7.2

CVE-2024-37256

  • EPSS 0.19%
  • Veröffentlicht 09.07.2024 09:15:03
  • Zuletzt bearbeitet 21.11.2024 09:23:28

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.

8.8

CVE-2023-25799

  • EPSS 0.6%
  • Veröffentlicht 11.06.2024 10:15:10
  • Zuletzt bearbeitet 21.11.2024 07:50:13

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.

4.3

CVE-2024-5438

  • EPSS 0.15%
  • Veröffentlicht 07.06.2024 13:15:50
  • Zuletzt bearbeitet 08.04.2026 17:19:03

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled k...

7.2

CVE-2024-4902

  • EPSS 1.18%
  • Veröffentlicht 07.06.2024 05:15:49
  • Zuletzt bearbeitet 08.04.2026 19:21:48

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter ...

8.8

CVE-2024-4352

  • EPSS 23.34%
  • Veröffentlicht 16.05.2024 10:15:10
  • Zuletzt bearbeitet 08.04.2026 19:21:35

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the...

8.8

CVE-2024-4351

  • EPSS 31.04%
  • Veröffentlicht 16.05.2024 10:15:09
  • Zuletzt bearbeitet 08.04.2026 18:21:46

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possib...

8.2

CVE-2024-4222

  • EPSS 0.58%
  • Veröffentlicht 16.05.2024 10:15:08
  • Zuletzt bearbeitet 08.04.2026 18:21:43

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for un...