| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-4318 | Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection | themeum | Tutor LMS – eLearning and online course solution | High | 8.8 | 2024-05-16 05:33:28 | Deep Dive |
| CVE-2024-4279 | Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion | themeum | Tutor LMS – eLearning and online course solution | Medium | 6.5 | 2024-05-16 05:33:26 | Deep Dive |
| CVE-2024-35171 | WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability | Academy LMS | Academy LMS | Medium | 5.3 | 2024-05-13 09:08:23 | Deep Dive |
| CVE-2024-4277 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2024-05-10 09:32:09 | Deep Dive |
| CVE-2024-4444 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2024-05-10 08:32:35 | Deep Dive |
| CVE-2024-4434 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 9.8 | 2024-05-10 08:32:33 | Deep Dive |
| CVE-2024-4397 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | High | 8.8 | 2024-05-09 20:03:42 | Deep Dive |
| CVE-2024-4186 | Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check | wisdmlabs | Edwiser Bridge – WordPress Moodle Integration | Critical | 9.8 | 2024-05-07 05:32:59 | Deep Dive |
| CVE-2024-33912 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability | Academy LMS | Academy LMS | High | 7.1 | 2024-05-06 19:07:55 | Deep Dive |
| CVE-2024-3553 | Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update | themeum | Tutor LMS – eLearning and online course solution | Medium | 6.5 | 2024-05-02 16:52:53 | Deep Dive |
| CVE-2024-3942 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.3 | 2024-05-02 16:52:11 | Deep Dive |
| CVE-2024-3994 | Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.4 | 2024-04-25 09:29:58 | Deep Dive |
| CVE-2024-3560 | LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2024-04-19 01:57:09 | Deep Dive |
| CVE-2024-3932 | Totara LMS User Selector cross-site request forgery | Totara | LMS | Low | 3.1 | 2024-04-18 00:00:06 | Deep Dive |
| CVE-2024-3931 | Totara LMS User Selector check.php cross site scripting | Totara | LMS | Low | 3.5 | 2024-04-18 00:00:05 | Deep Dive |
| CVE-2024-1463 | LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.4 | 2024-04-09 18:59:12 | Deep Dive |
| CVE-2024-3136 | MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-04-09 18:59:08 | Deep Dive |
| CVE-2024-1904 | MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 4.3 | 2024-04-09 18:58:37 | Deep Dive |
| CVE-2024-1289 | LearnPress <= 4.2.6.3 - Insecure Direct Object Reference | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.5 | 2024-04-09 18:58:32 | Deep Dive |
| CVE-2024-2115 | LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | High | 8.8 | 2024-04-05 07:34:36 | Deep Dive |