cleantalk
Vulnerabilities and Security Researches

Tutor LMS – eLearning and online course solution, 3c44a038b5a73b63f8608357cb63822af90e0c72

CVE, Research URL

3c44a038b5a73b63f8608357cb63822af90e0c72

Home page URL

Security reports for Tutor LMS – eLearning and online course solution

Application

Tutor LMS – eLearning and online course solution

Published on
Dec 27, 2021
Research Description
Tutor LMS &#8211; eLearning and online course solution [tutor] < 1.9.12 Tutor LMS <= 1.9.11 - Stored Cross-Site Scripting The Tutor LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user profile parameters in versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.9.12.
Status
vulnerable
Previous vulnerability researches
Tutor LMS BunnyNet Integration (CVE-2026-24584) , Jan 28, 2026
Tutor LMS &#8211; Migration Tool (CVE-2024-1804) , Jul 28, 2024
Tutor LMS &#8211; Migration Tool (CVE-2024-1798) , Jul 28, 2024
Tutor LMS Elementor Addons (CVE-2024-5576) , Aug 21, 2024
Tutor LMS Elementor Addons (CVE-2024-53816) , Dec 11, 2024
New vulnerability
Orbit Fox by ThemeIsle (CVE-2026-11358) , Jun 19, 2026
Dokan &#8211; Best WooCommerce Multivendor Marketplace Solution &#8211; Build Your Own Amazon, eBay, Etsy (CVE-2026-10023) , Jun 19, 2026
Services Section block &#8211; Showcase services in a professional way. (CVE-2026-11402) , Jun 19, 2026
Cornerstone (CVE-2026-54185) , Jun 19, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-12098) , Jun 19, 2026