CVE-2024-10393
published 2024-11-21CVE-2024-10393: The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the…
PriorityP431medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.56%
42.5th percentile
The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themeum | tutor_lms | <= 2.7.6 | — |
| themeum | tutor_lms_elearning_and_online_course_solution | <= 2.7.6 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-21
Published