Tutor LMS for WordPress Open to Info-Stealing Security Holes
2021-03-18 11:50

Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers.

Tutor LMS is a learning-management system for educators that allows them to digitally reach their students.

The first SQL-injection issue exists in a review feature in Tutor LMS that allows students to rate their courses.

The first of these vulnerabilities exists in the Tutor LMS feature that allows teachers to retrieve a set of answers for a given question, while analyzing the response of students.

In January, researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.

A plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability that could be exploited by attackers to send out newsletters with custom content, or to delete or import newsletter subscribers.


News URL

https://threatpost.com/tutor-lms-wordpress-security-holes/164868/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| WordPress | | 7 | 2 | 95 | 44 | 18 | 159 |