The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.
History

Thu, 19 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Themeum tutor Lms - Migration Tool
CPEs cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:* cpe:2.3:a:themeum:tutor_lms_-_migration_tool:*:*:*:*:*:wordpress:*:*
Vendors & Products Themeum tutor Lms
Themeum tutor Lms - Migration Tool

Thu, 19 Sep 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Themeum
Themeum tutor Lms
CPEs cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
Vendors & Products Themeum
Themeum tutor Lms

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-07-27T01:51:01.443Z

Updated: 2024-08-01T18:48:22.025Z

Reserved: 2024-02-22T20:53:58.094Z

Link: CVE-2024-1804

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:22.025Z

cve-icon NVD

Status : Modified

Published: 2024-07-27T02:15:10.060

Modified: 2024-11-21T08:51:21.513

Link: CVE-2024-1804

cve-icon Redhat

No data.