Vulnerabilities > Themeum > Tutor LMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-05 | CVE-2021-24185 | SQL Injection vulnerability in Themeum Tutor LMS The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. | 4.0 |
| 2021-04-05 | CVE-2021-24184 | Missing Authorization vulnerability in Themeum Tutor LMS Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions. | 6.5 |
| 2021-04-05 | CVE-2021-24183 | SQL Injection vulnerability in Themeum Tutor LMS The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. | 4.0 |
| 2021-04-05 | CVE-2021-24182 | SQL Injection vulnerability in Themeum Tutor LMS The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. | 4.0 |
| 2021-04-05 | CVE-2021-24181 | SQL Injection vulnerability in Themeum Tutor LMS The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. | 6.5 |