cleantalk
Vulnerabilities and Security Researches

Tutor LMS – eLearning and online course solution, 9261dbc836d67ce1db8c5eb9e851d2baee579312

CVE, Research URL

9261dbc836d67ce1db8c5eb9e851d2baee579312

Home page URL

Security reports for Tutor LMS – eLearning and online course solution

Application

Tutor LMS – eLearning and online course solution

Published on
Jan 10, 2023
Research Description
Tutor LMS &#8211; eLearning and online course solution [tutor] < 1.9.13 WordPress Tutor LMS Plugin <= 1.9.12 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Tutor LMS plugin to the latest available version (at least 1.9.13). WPScanTeam discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Tutor LMS Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.9.13.
Affected versions
max 1.9.13.
Status
vulnerable
Previous vulnerability researches
Tutor LMS BunnyNet Integration (CVE-2026-24584) , Jan 28, 2026
Tutor LMS &#8211; Migration Tool (CVE-2024-1804) , Jul 28, 2024
Tutor LMS &#8211; Migration Tool (CVE-2024-1798) , Jul 28, 2024
Tutor LMS Elementor Addons (CVE-2024-5576) , Aug 21, 2024
Tutor LMS Elementor Addons (CVE-2024-53816) , Dec 11, 2024
New vulnerability
Orbit Fox by ThemeIsle (CVE-2026-11358) , Jun 19, 2026
Dokan &#8211; Best WooCommerce Multivendor Marketplace Solution &#8211; Build Your Own Amazon, eBay, Etsy (CVE-2026-10023) , Jun 19, 2026
Services Section block &#8211; Showcase services in a professional way. (CVE-2026-11402) , Jun 19, 2026
Cornerstone (CVE-2026-54185) , Jun 19, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-12098) , Jun 19, 2026