Medium severity 6.5 · NVD Advisory · Published May 16, 2024 · Updated Apr 8, 2026
CVE-2024-4279
Description
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course.
Affected products (3)
- Range: <=2.7.0