Unauthorized Access to Data in Tutor LMS Plugin for WordPress
CVE-2024-4223
9.8CRITICAL
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 16 May 2024
What is CVE-2024-4223?
The Tutor LMS plugin for WordPress is susceptible to unauthorized data access due to a missing capability check across multiple functions. This vulnerability allows unauthenticated attackers the ability to add, modify, or delete data. The issue affects all versions of the Tutor LMS plugin up to and including version 2.7.0, posing significant risks for WordPress users who rely on this plugin for their educational platforms.
Affected Version(s)
Tutor LMS – eLearning and online course solution * <= 2.7.0