Vulnerabilities > Themeum > Tutor LMS > 2.3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-16 | CVE-2024-4318 | SQL Injection vulnerability in Themeum Tutor LMS. The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-04-25 | CVE-2024-3994 | Cross-site Scripting vulnerability in Themeum Tutor LMS. The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user-supplied attributes. | 5.4 |
2024-03-21 | CVE-2024-1502 | Missing Authorization vulnerability in Themeum Tutor LMS. The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. | 4.3 |
2024-02-29 | CVE-2024-1128 | Cross-site Scripting vulnerability in Themeum Tutor LMS. The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. | 3.5 |