Themeum: >> Tutor Lms - Migration Tool Security Vulnerabilities
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-07-27
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
CVSS Score
5.3
EPSS Score
0.005
Published
2024-07-27