Unrated severityNVD Advisory· Published Feb 6, 2023· Updated Mar 25, 2025
Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
CVE-2023-0236
Description
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Package: https://wordpress.org/plugins/tutor
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.