Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-12-05
CVE-2025-6680 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't teach which may contain sensitive information.
PLUGIN
Tutor Lms
CVE-2025-6680
Risk Score
Threat Entry
Updated 2025-12-05
CVE-2025-11564 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it possible for unauthenticated attackers to bypass payment verification and mark orders as paid by submitting forged webhook requests with `payment_type` set to 'recurring'.
PLUGIN
Tutor Lms
CVE-2025-11564
Risk Score
Threat Entry
Updated 2025-08-25
CVE-2025-7841 - Tutor Lms Plugin
The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifier_settings' page. This makes it possible for unauthenticated attackers to update the plugin's api key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Tutor Lms
CVE-2025-7841
Risk Score
Threat Entry
Updated 2025-01-23
CVE-2024-10400 - Tutor Lms Plugin
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Tutor Lms
CVE-2024-10400
Risk Score
Threat Entry
Updated 2025-01-23
CVE-2024-10393 - Tutor Lms Plugin
The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
PLUGIN
Tutor Lms
CVE-2024-10393
Risk Score
Threat Entry
Updated 2024-09-26
CVE-2023-2919 - Tutor Lms Plugin
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Tutor Lms
CVE-2023-2919
Risk Score
Threat Entry
Updated 2025-07-11
CVE-2024-5784 - Tutor Lms Plugin
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with the subscriber-level access and above, to preform an administrative actions on the site, like comments, posts or users deletion, viewing notifications, etc.
PLUGIN
Tutor Lms
CVE-2024-5784
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5438 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Instructor-level access and above, to delete arbitrary quiz attempts.
PLUGIN
Tutor Lms
CVE-2024-5438
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4902 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Tutor Lms
CVE-2024-4902
Risk Score
Threat Entry
Updated 2025-01-22
CVE-2024-4352 - Tutor Lms Plugin
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to…
PLUGIN
Tutor Lms
CVE-2024-4352
Risk Score
Threat Entry
Updated 2025-01-22
CVE-2024-4351 - Tutor Lms Plugin
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.
PLUGIN
Tutor Lms
CVE-2024-4351
Risk Score
Threat Entry
Updated 2025-01-22
CVE-2024-4222 - Tutor Lms Plugin
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
PLUGIN
Tutor Lms
CVE-2024-4222
Risk Score
Threat Entry
Updated 2025-01-24
CVE-2024-4223 - Tutor Lms Plugin
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.
PLUGIN
Tutor Lms
CVE-2024-4223
Risk Score
Threat Entry
Updated 2025-01-24
CVE-2024-4318 - Tutor Lms Plugin
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Tutor Lms
CVE-2024-4318
Risk Score
Threat Entry
Updated 2025-01-24
CVE-2024-4279 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course.
PLUGIN
Tutor Lms
CVE-2024-4279
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-3553 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled.
PLUGIN
Tutor Lms
CVE-2024-3553
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-3994 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Tutor Lms
CVE-2024-3994
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-1502 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.
PLUGIN
Tutor Lms
CVE-2024-1502
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-1503 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This requires the "Erase upon uninstallation" option to be enabled.
PLUGIN
Tutor Lms
CVE-2024-1503
Risk Score
Threat Entry
Updated 2025-01-15
CVE-2024-1751 - Tutor Lms Plugin
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Tutor Lms
CVE-2024-1751
Risk Score