image credit: pixabay
Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers.
Tutor LMS is a learning-management system for educators that allows them to digitally reach their students. It supports course-building, student forums, multimedia classes and more. According to an analysis from Wordfence, there are five critical SQL-injection flaws in the plugin, and at least one high-severity bug stemming from unprotected AJAX endpoints.
Comments are closed.
