The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
Metrics
Affected Vendors & Products
References
History
Thu, 21 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Themeum
Themeum tutor Lms |
|
CPEs | cpe:2.3:a:themeum:tutor_lms:-:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Themeum
Themeum tutor Lms |
|
Metrics |
ssvc
|
Thu, 21 Nov 2024 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | |
Title | Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-21T06:49:54.320Z
Updated: 2024-11-21T14:44:35.733Z
Reserved: 2024-10-25T18:18:25.445Z
Link: CVE-2024-10393
Vulnrichment
Updated: 2024-11-21T14:44:24.548Z
NVD
Status : Awaiting Analysis
Published: 2024-11-21T11:15:16.040
Modified: 2024-11-21T13:57:24.187
Link: CVE-2024-10393
Redhat
No data.