Vulnerabilities > Themeum > Tutor LMS

DATE CVE VULNERABILITY TITLE RISK
2024-11-01 CVE-2024-43142 Missing Authorization vulnerability in Themeum Tutor LMS
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.
network
low complexity
themeum CWE-862
8.8
2024-09-10 CVE-2023-2919 Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4.
network
low complexity
themeum CWE-352
4.3
2024-08-26 CVE-2024-39645 Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
network
low complexity
themeum CWE-352
8.8
2024-08-18 CVE-2024-43282 SQL Injection vulnerability in Themeum Tutor LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
network
low complexity
themeum CWE-89
7.2
2024-08-12 CVE-2024-43231 Cross-site Scripting vulnerability in Themeum Tutor LMS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3.
network
low complexity
themeum CWE-79
5.4
2024-07-20 CVE-2024-37947 Unspecified vulnerability in Themeum Tutor LMS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2.
network
low complexity
themeum
4.8
2024-07-09 CVE-2024-37266 Unspecified vulnerability in Themeum Tutor LMS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.
network
low complexity
themeum
7.2
2024-07-09 CVE-2024-37256 Unspecified vulnerability in Themeum Tutor LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.
network
low complexity
themeum
7.2
2024-06-11 CVE-2023-25799 Unspecified vulnerability in Themeum Tutor LMS
Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.
network
low complexity
themeum
8.8
2024-06-07 CVE-2024-5438 Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key.
network
low complexity
themeum CWE-639
4.3