Medium severity5.3NVD Advisory· Published Nov 21, 2024· Updated Jun 17, 2026
CVE-2024-10393
CVE-2024-10393
Description
The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- themeum/Tutor LMS – eLearning and online course solutionv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.