cleantalk
Vulnerabilities and Security Researches

Tutor LMS – eLearning and online course solution, CVE-2024-4223

CVE, Research URL

CVE-2024-4223

Home page URL

Security reports for Tutor LMS – eLearning and online course solution

Application

Tutor LMS – eLearning and online course solution

Published on
-
Research Description
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.
Affected versions
max 2.7.0.
Status
vulnerable
Previous vulnerability researches
Tutor LMS – Migration Tool (CVE-2024-1804) , Jul 28, 2024
Tutor LMS – Migration Tool (CVE-2024-1798) , Jul 28, 2024
Tutor LMS Elementor Addons (CVE-2024-5576) , Aug 21, 2024
Tutor LMS Elementor Addons (CVE-2024-53816) , Dec 11, 2024
Tutor LMS Elementor Addons (CVE-2024-10897) , Nov 16, 2024
New vulnerability
Sello ChannelConnector (CVE-2025-52754) , Nov 11, 2025
Blox Lite (CVE-2025-62940) , Nov 11, 2025
WP Easy Toggles (CVE-2025-10190) , Nov 11, 2025
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. (CVE-2025-62026) , Nov 11, 2025
WPC Smart Messages for WooCommerce (CVE-2025-62903) , Nov 11, 2025