Tutor Lms Elearning And Online Course Solution
Monthly
{id} - complicates both detection and opportunistic exploitation, as the attacker cannot independently fire the injected SQL. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS data was not provided.
Stored Cross-Site Scripting in Tutor LMS (WordPress plugin by Themeum) versions through 3.9.13 allows authenticated attackers holding author-level or higher WordPress roles to inject persistent malicious scripts via the Lesson Attachment Title field. The injected payload is stored in the WordPress database and executes in the browser of any user who subsequently accesses a course page rendering the attachment - achieving a scope change from the plugin's context into the victim's browsing session. No public exploit code or CISA KEV listing has been identified at time of analysis, but the Wordfence disclosure includes direct source-code references to the vulnerable rendering path, lowering the barrier to exploitation.
SQL injection in Tutor LMS (WordPress plugin by Themeum) exposes the underlying database to read-access by any authenticated administrator. The flaw resides in the withdrawal-request management flow - specifically WithdrawModel.php and withdraw_requests.php - where a 'data' parameter is passed to SQL queries without adequate escaping or parameterization. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the data-exposure impact (C:H) is real, and a patched release (3.9.12) is confirmed in the WordPress plugin repository.
{id} - complicates both detection and opportunistic exploitation, as the attacker cannot independently fire the injected SQL. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS data was not provided.
Stored Cross-Site Scripting in Tutor LMS (WordPress plugin by Themeum) versions through 3.9.13 allows authenticated attackers holding author-level or higher WordPress roles to inject persistent malicious scripts via the Lesson Attachment Title field. The injected payload is stored in the WordPress database and executes in the browser of any user who subsequently accesses a course page rendering the attachment - achieving a scope change from the plugin's context into the victim's browsing session. No public exploit code or CISA KEV listing has been identified at time of analysis, but the Wordfence disclosure includes direct source-code references to the vulnerable rendering path, lowering the barrier to exploitation.
SQL injection in Tutor LMS (WordPress plugin by Themeum) exposes the underlying database to read-access by any authenticated administrator. The flaw resides in the withdrawal-request management flow - specifically WithdrawModel.php and withdraw_requests.php - where a 'data' parameter is passed to SQL queries without adequate escaping or parameterization. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the data-exposure impact (C:H) is real, and a patched release (3.9.12) is confirmed in the WordPress plugin repository.