VYPR

Tutor Lms

by WordPress

Source repositories

CVEs (52)

  • CVE-2024-4352HigMay 16, 2024
    risk 0.57cvss 8.8epss 0.01

    The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that…

  • CVE-2024-4223CriMay 16, 2024
    risk 0.57cvss 9.8epss 0.01

    The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add,…

  • CVE-2024-1751HigMar 13, 2024
    risk 0.57cvss 8.8epss 0.03

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2021-24184HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.

  • CVE-2023-25799HigJun 11, 2024
    risk 0.54cvss 8.3epss 0.00

    Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.

  • CVE-2023-25800HigNov 3, 2023
    risk 0.53cvss 8.1epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.

  • CVE-2023-25700HigNov 3, 2023
    risk 0.53cvss 8.2epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.

  • CVE-2024-4318HigMay 16, 2024
    risk 0.50cvss 8.8epss 0.01

    The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2025-58993HigSep 9, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS tutor allows SQL Injection.This issue affects Tutor LMS: from n/a through <= 3.7.4.

  • CVE-2024-43282HigAug 18, 2024
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.

  • CVE-2024-37256HigJul 9, 2024
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.

  • CVE-2023-3133HigJul 4, 2023
    risk 0.49cvss 7.5epss 0.01

    The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

  • CVE-2024-10400HigNov 21, 2024
    risk 0.48cvss 7.5epss 0.83

    The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2024-4902HigJun 7, 2024
    risk 0.47cvss 7.2epss 0.01

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2024-4222HigMay 16, 2024
    risk 0.47cvss 7.3epss 0.00

    The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to…

  • CVE-2023-25990HigNov 3, 2023
    risk 0.46cvss 7.1epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.

  • CVE-2020-8615MedFeb 4, 2020
    risk 0.46cvss 6.5epss 0.09

    A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).

  • CVE-2026-40743MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

  • CVE-2024-43231MedAug 12, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3.

  • CVE-2021-24186MedApr 5, 2021
    risk 0.42cvss 6.5epss 0.01

    The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

Page 1 of 3