cleantalk
Vulnerabilities and Security Researches

Tutor LMS – Migration Tool, CVE-2024-1798

CVE, Research URL

CVE-2024-1798

Home page URL

Security reports for Tutor LMS – Migration Tool

Application

Tutor LMS – Migration Tool

Published on
Jul 27, 2024
Research Description
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
Affected versions
max 2.2.2.
Status
vulnerable
Previous vulnerability researches
Tutor LMS – Migration Tool (CVE-2024-1804) , Jul 28, 2024
Tutor LMS – Migration Tool (CVE-2024-1798) , Jul 28, 2024
Tutor LMS Elementor Addons (CVE-2024-5576) , Aug 21, 2024
Tutor LMS Elementor Addons (CVE-2024-53816) , Dec 11, 2024
Tutor LMS Elementor Addons (CVE-2024-10897) , Nov 16, 2024
New vulnerability
Premmerce Product Search for WooCommerce (CVE-2025-64289) , Nov 11, 2025
Premmerce Product Search for WooCommerce (CVE-2025-64290) , Nov 11, 2025
Premmerce Product Search for WooCommerce (CVE-2025-60194) , Nov 11, 2025
WPC Smart Quick View for WooCommerce (CVE-2025-11741) , Nov 11, 2025
Outdoor (CVE-2025-10743) , Nov 11, 2025