CVE-2024-5784
published 2024-08-30


Priority: P339
CVSS 3.1: 7.1 (high)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
EPSS: 0.36% (27.4th percentile)
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized execution of administrative actions due to missing capability checks on multiple functions, such as treport_quiz_atttempt_delete and tutor_gc_class_action, in all versions up to and including 2.7.2. This makes it possible for authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments, posts or users, viewing notifications, etc.

Affected

2 ranges

Vendor    Product          Version range    Fixed in
themeum   tutor_lms        < 2.7.3          2.7.3
themeum   tutor_lms_pro    <= 2.7.2