cleantalk
Vulnerabilities and Security Researches

Tutor LMS – eLearning and online course solution, 00ba67e69f89f52d182e176888a9373661b25d65

CVE, Research URL

00ba67e69f89f52d182e176888a9373661b25d65

Home page URL

Security reports for Tutor LMS – eLearning and online course solution

Application

Tutor LMS – eLearning and online course solution

Published on
Aug 09, 2021
Research Description
Tutor LMS &#8211; eLearning and online course solution [tutor] < 1.9.6 Tutor LMS <= 1.9.5 - Cross-Site Scripting The Tutor LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.9.6.
Status
vulnerable
Previous vulnerability researches
Tutor LMS BunnyNet Integration (CVE-2026-24584) , Jan 28, 2026
Tutor LMS &#8211; Migration Tool (CVE-2024-1804) , Jul 28, 2024
Tutor LMS &#8211; Migration Tool (CVE-2024-1798) , Jul 28, 2024
Tutor LMS Elementor Addons (CVE-2024-5576) , Aug 21, 2024
Tutor LMS Elementor Addons (CVE-2024-53816) , Dec 11, 2024
New vulnerability
Orbit Fox by ThemeIsle (CVE-2026-11358) , Jun 19, 2026
Dokan &#8211; Best WooCommerce Multivendor Marketplace Solution &#8211; Build Your Own Amazon, eBay, Etsy (CVE-2026-10023) , Jun 19, 2026
Services Section block &#8211; Showcase services in a professional way. (CVE-2026-11402) , Jun 19, 2026
Cornerstone (CVE-2026-54185) , Jun 19, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-12098) , Jun 19, 2026