Shodan
Vulnerabilities
Vulnerable Software
Themeum:  Security Vulnerabilities
CVE-2024-39645
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-26
CVE-2024-5576
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-08-20
CVE-2024-43282
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
CVSS Score
7.6
EPSS Score
0.003
Published
2024-08-18
CVE-2024-43231
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-08-12
CVE-2024-1804
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-07-27
CVE-2024-1798
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
CVSS Score
5.3
EPSS Score
0.008
Published
2024-07-27
CVE-2024-37947
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-20
CVE-2024-37266
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.
CVSS Score
4.9
EPSS Score
0.006
Published
2024-07-09
CVE-2024-37256
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-07-09
CVE-2023-25799
Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.
CVSS Score
8.3
EPSS Score
0.004
Published
2024-06-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved