The Latest in IT Security

Tutor LMS for WordPress Open to Info-Stealing Security Holes

18
Mar
2021
Tutor LMS for WordPress Open to Info-Stealing Security Holes

image credit: pixabay

Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers.

Tutor LMS is a learning-management system for educators that allows them to digitally reach their students. It supports course-building, student forums, multimedia classes and more. According to an analysis from Wordfence, there are five critical SQL-injection flaws in the plugin, and at least one high-severity bug stemming from unprotected AJAX endpoints.

Related posts:
  1. Microsoft Teams Patch Bypass Allows RCE
  2. Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
  3. MFA Bypass Bugs Opened Microsoft 365 to Attack
  4. Google Chrome Bugs Open Browsers to Attack
  5. WordPress Ecommerce Plugin Vulnerability Details Disclosed

Read More

Tags:  
Written by Threatpost
0 Comments
Comments are closed.

Categories

TUESDAY, APRIL 23, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments