Product
themeum tutor lms
49 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-6680
CVE-2025-11564
CVE-2024-10400
CVE-2024-10393
CVE-2024-43142
CVE-2023-2919
CVE-2024-5784
CVE-2024-39645
CVE-2024-43282
CVE-2024-43231
CVE-2024-37947
CVE-2024-37266
CVE-2024-37256
CVE-2023-25799
CVE-2024-5438
CVE-2024-4902
CVE-2024-4352
CVE-2024-4351
CVE-2024-4222
CVE-2024-4223
CVE-2024-4318
CVE-2024-4279
CVE-2024-3553
CVE-2024-3994
CVE-2024-1503
CVE-2024-1502
CVE-2024-1751
CVE-2024-1133
CVE-2024-1128
CVE-2023-49829
CVE-2023-25990
CVE-2023-25800
CVE-2023-25700
CVE-2023-4805
CVE-2023-3133
CVE-2023-0236
CVE-2022-2563
CVE-2021-25017
CVE-2021-24873
CVE-2021-24740
CVE-2021-24455
CVE-2021-24242
CVE-2021-24186
CVE-2021-24185
CVE-2021-24184
CVE-2021-24183
CVE-2021-24182
CVE-2021-24181
CVE-2020-8615
< 3.9.0
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all v
< 3.9.0
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due t
<= 2.7.6
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and
<= 2.7.6
The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is d
< 2.7.4
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.T
< 2.7.5
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is du
< 2.7.3
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability
< 2.7.3
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
< 2.7.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue
< 2.7.4
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS all
< 2.7.3
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS all
< 2.7.2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Trav
< 2.7.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue
< 2.1.9
Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.
< 2.7.2
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all
< 2.7.2
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘cou
< 2.7.1
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a m
< 2.7.1
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a m
< 2.7.1
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a m
< 2.7.1
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missi
< 2.7.1
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to
< 2.7.1
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arb
< 2.7.0
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due t
< 2.7.0
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu
< 2.6.2
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi
< 2.6.2
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a miss
< 2.6.2
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questi
< 2.6.1
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A c
< 2.6.1
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, a
<= 2.2.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS - eLearnin
<= 2.1.10
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL
<= 2.2.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL
<= 2.1.10
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL
< 2.3.0
The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as sub
< 2.2.1
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthe
< 2.0.10
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting t
< 2.0.10
The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such a
< 1.9.12
The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an
< 1.9.11
The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the S
< 1.9.9
The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could
< 1.9.2
The Tutor LMS - eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcemen
< 1.8.8
The Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerabi
< 1.8.3
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS - eLearning and online course solution WordPre
< 1.7.7
The tutor_place_rating AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 was vul
< 1.7.7
Several AJAX endpoints in the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, all
< 1.8.3
The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin be
< 1.8.3
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS - eLearning and online course solution WordPress plu
< 1.7.7
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7
< 1.5.3
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instr