Tutor LMS for WordPress Open to Info-Stealing Security Holes

2021-03-18 11:50

Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers.

Tutor LMS is a learning-management system for educators that allows them to digitally reach their students.

The first SQL-injection issue exists in a review feature in Tutor LMS that allows students to rate their courses.

The first of these vulnerabilities exists in the Tutor LMS feature that allows teachers to retrieve a set of answers for a given question, while analyzing the response of students.

In January, researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.

A plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability could be exploited by attackers to send out newsletters with custom content, or to delete or import newsletter subscribers.

News URL

https://threatpost.com/tutor-lms-wordpress-security-holes/164868/

#security #wordpress

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578

News URL

Related news

Related vendor