The Latest in IT Security

Tutor LMS for WordPress Open to Info-Stealing Security Holes

18
Mar
2021
Tutor LMS for WordPress Open to Info-Stealing Security Holes

image credit: pixabay

Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers.

Tutor LMS is a learning-management system for educators that allows them to digitally reach their students. It supports course-building, student forums, multimedia classes and more. According to an analysis from Wordfence, there are five critical SQL-injection flaws in the plugin, and at least one high-severity bug stemming from unprotected AJAX endpoints.

Read More

Comments are closed.

Categories

FRIDAY, APRIL 23, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments