Unauthorized Access to Data in Tutor LMS Plugin for WordPress
CVE-2024-4223
9.8CRITICAL
Key Information
- Vendor
- Themeum
- Status
- Tutor Lms – Elearning And Online Course Solution
- Vendor
- Published:
- 16 May 2024
Summary
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.
Affected Version(s)
Tutor LMS – eLearning and online course solution <= 2.7.0
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Timeline
Vulnerability published.
Disclosed
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Villu Orav