Vulnerabilities and security researches fortutor-lms-migration-tool tutor-lms-migration-tool

Jul 28, 2024

CVE, Research URL: CVE-2024-1804
Home page URL: Security reports for Tutor LMS – Migration Tool
Application: Tutor LMS – Migration Tool
Date: Jul 27, 2024
Research Description: The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.
Affected versions: max 2.2.2.
Status: vulnerable

CVE, Research URL: CVE-2024-1798
Home page URL: Security reports for Tutor LMS – Migration Tool
Application: Tutor LMS – Migration Tool
Date: Jul 27, 2024
Research Description: The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
Affected versions: max 2.2.2.
Status: vulnerable