The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
History

Thu, 19 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Themeum
Themeum tutor Lms - Migration Tool
CPEs cpe:2.3:a:themeum:tutor_lms_-_migration_tool:*:*:*:*:*:wordpress:*:*
Vendors & Products Themeum
Themeum tutor Lms - Migration Tool

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-07-27T01:51:01.946Z

Updated: 2024-08-01T18:48:22.056Z

Reserved: 2024-02-22T20:23:22.275Z

Link: CVE-2024-1798

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:22.056Z

cve-icon NVD

Status : Modified

Published: 2024-07-27T02:15:09.800

Modified: 2024-11-21T08:51:20.647

Link: CVE-2024-1798

cve-icon Redhat

No data.