Themeum Tutor LMS Missing Authorization Vulnerability Affects Multiple Versions
CVE-2023-25799
8.3 HIGH
Summary
A missing authorization vulnerability exists in Themeum's Tutor LMS, potentially allowing unauthorized users to access sensitive functionality meant for authenticated users. This flaw can lead to unauthorized actions that compromise the integrity and privacy of user data. The issue affects all versions of Tutor LMS up to and including 2.1.8, posing a significant security risk for websites that use this plugin.
Affected Version(s)
Tutor LMS <= 2.1.8
CVSS V3.1
Score: 8.3
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)