The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Themeum
Themeum tutor Lms - Migration Tool |
|
CPEs | cpe:2.3:a:themeum:tutor_lms_-_migration_tool:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Themeum
Themeum tutor Lms - Migration Tool |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-07-27T01:51:01.946Z
Updated: 2024-08-01T18:48:22.056Z
Reserved: 2024-02-22T20:23:22.275Z
Link: CVE-2024-1798
Vulnrichment
Updated: 2024-08-01T18:48:22.056Z
NVD
Status : Modified
Published: 2024-07-27T02:15:09.800
Modified: 2024-11-21T08:51:20.647
Link: CVE-2024-1798
Redhat
No data.