| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-10400 | Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter | themeum | Tutor LMS – eLearning and online course solution | High | 7.5 | 2024-11-21 07:35:37 | Deep Dive |
| CVE-2024-10393 | Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.3 | 2024-11-21 06:49:54 | Deep Dive |
| CVE-2024-10897 | Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation | themeum | Tutor LMS Elementor Addons | Medium | 4.3 | 2024-11-15 04:29:05 | Deep Dive |
| CVE-2024-43142 | WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability | Themeum | Tutor LMS | Medium | 4.3 | 2024-11-01 14:17:47 | Deep Dive |
| CVE-2024-43937 | WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability | Themeum | WP Crowdfunding | Medium | 6.4 | 2024-11-01 14:17:17 | Deep Dive |
| CVE-2024-10117 | WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode | themeum | WP Crowdfunding | Medium | 6.4 | 2024-10-26 11:18:19 | Deep Dive |
| CVE-2023-2919 | Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2024-09-10 09:30:19 | Deep Dive |
| CVE-2024-43955 | WordPress Droip plugin < 2.5.2 - Arbitrary File Deletion vulnerability | Themeum | Droip | Critical | 10.0 | 2024-08-29 15:19:58 | Deep Dive |
| CVE-2024-43954 | WordPress Droip plugin < 2.5.2 - Settings Change vulnerability | Themeum | Droip | Medium | 6.3 | 2024-08-29 15:18:08 | Deep Dive |
| CVE-2024-39645 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability | Themeum | Tutor LMS | Medium | 5.4 | 2024-08-26 20:55:42 | Deep Dive |
| CVE-2024-5576 | Tutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget | themeum | Tutor LMS Elementor Addons | Medium | 6.4 | 2024-08-20 05:30:03 | Deep Dive |
| CVE-2024-43282 | WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability | Themeum | Tutor LMS | High | 7.6 | 2024-08-18 21:39:11 | Deep Dive |
| CVE-2024-43231 | WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability | Themeum | Tutor LMS | Medium | 6.5 | 2024-08-12 21:04:07 | Deep Dive |
| CVE-2024-1798 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml | themeum | Tutor LMS – Migration Tool | Medium | 5.3 | 2024-07-27 01:51:02 | Deep Dive |
| CVE-2024-1804 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml | themeum | Tutor LMS – Migration Tool | Medium | 4.3 | 2024-07-27 01:51:01 | Deep Dive |
| CVE-2024-37947 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability | Themeum | Tutor LMS | Medium | 5.9 | 2024-07-20 08:31:16 | Deep Dive |
| CVE-2024-37266 | WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability | Themeum | Tutor LMS | Medium | 4.9 | 2024-07-09 10:08:37 | Deep Dive |
| CVE-2024-37256 | WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability | Themeum | Tutor LMS | High | 7.6 | 2024-07-09 09:02:45 | Deep Dive |
| CVE-2023-25799 | WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities | Themeum | Tutor LMS | High | 8.3 | 2024-06-11 09:15:01 | Deep Dive |
| CVE-2024-5438 | Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2024-06-07 12:33:43 | Deep Dive |