cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-5784,https://securityvulnerability.io/vulnerability/CVE-2024-5784,Unauthorized Access to Administrative Actions on Tutor LMS Pro Plugin for WordPress,"The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized execution of administrative actions due to missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform administrative actions on the site, like deletion of comments, posts or users, viewing notifications, etc.",Wordpress,Tutor Lms Pro,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-30T03:24:16.470Z,0
CVE-2024-4352,https://securityvulnerability.io/vulnerability/CVE-2024-4352,Unauthorized Access and SQL Injection Vulnerabilities in Tutor LMS Pro Plugin for WordPress,"The Tutor LMS Pro plugin for WordPress is susceptible to unauthorized data access and SQL Injection due to a missing capability check within the 'get_calendar_materials' function. This flaw permits authenticated attackers, even those with subscription-level permissions, to exploit the vulnerable function. Attackers can manipulate the 'year' parameter, leading to inadequate escaping of user-supplied values and insufficient SQL query preparation. Such exploitation can enable unauthorized modification and extraction of sensitive data, posing significant security risks for WordPress sites using this plugin.",Wordpress,Tutor Lms Pro,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-16T09:32:12.341Z,0
CVE-2024-4222,https://securityvulnerability.io/vulnerability/CVE-2024-4222,Unauthorized Access to Data in Tutor LMS Pro Plugin for WordPress,"The Tutor LMS Pro plugin for WordPress has a vulnerability that allows unauthorized users to gain access to sensitive data and perform unauthorized actions within the system. This issue arises from a missing capability check across multiple functions, impacting all versions up to and including 2.7.0. As a result, unauthenticated attackers can modify or delete user metadata and alter plugin options, raising significant concerns regarding the integrity and security of user data.",Wordpress,Tutor Lms Pro,8.2,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-05-16T09:32:11.833Z,0
CVE-2024-4351,https://securityvulnerability.io/vulnerability/CVE-2024-4351,Unauthorized Access to Data in Tutor LMS Pro Plugin for WordPress,"The Tutor LMS Pro plugin for WordPress is susceptible to an unauthorized access flaw due to a lack of capability checks within the 'authenticate' function. This vulnerability, present in all versions up to and including 2.7.0, allows authenticated users, even those with subscriber-level permissions, to potentially manipulate or take control of an administrator account. Given the expansive use of the plugin, this security issue raises serious concerns about data integrity and user privacy across affected WordPress installations.",Wordpress,Tutor Lms Pro,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-16T09:32:11.196Z,0