Shodan
Vulnerabilities
Vulnerable Software
Themeum:  >> Tutor Lms  >> 1.9.8  Security Vulnerabilities
CVE-2023-25990
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-03
CVE-2023-4805
The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-16
CVE-2023-3133
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.
CVSS Score
7.5
EPSS Score
0.011
Published
2023-07-04
CVE-2023-0236
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.201
Published
2023-02-06
CVE-2022-2563
The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
4.8
EPSS Score
0.001
Published
2022-10-17
CVE-2021-25017
The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.003
Published
2022-01-24
CVE-2021-24873
The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.002
Published
2021-11-23
CVE-2021-24740
The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-10-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved