WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Tutor LMS – eLearning and online course solution

2022-09-26
Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting
Fixed in version 2.0.10
2022-08-22
Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting
Fixed in version 2.0.9
2022-01-10
Tutor LMS < 1.9.13 - Reflected Cross-Site Scripting
Fixed in version 1.9.13
2021-12-27
Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting
Fixed in version 1.9.12
2021-12-27
Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting
Fixed in version 1.9.12
2021-10-19
Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting
Fixed in version 1.9.11
2021-09-20
Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
Fixed in version 1.9.9
2021-08-09
Tutor LMS < 1.9.6 - Reflected Cross-Site Scripting
Fixed in version 1.9.6
2021-06-28
Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in version 1.9.2
2021-04-05
Tutor LMS < 1.8.8 - Authenticated Local File Inclusion
Fixed in version 1.8.8
2021-03-15
Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id
Fixed in version 1.8.3
2021-03-15
Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
Fixed in version 1.7.7
2021-03-15
Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation
Fixed in version 1.7.7
2021-03-15
Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form
Fixed in version 1.8.3
2021-03-15
Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question
Fixed in version 1.8.3
2021-03-15
Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
Fixed in version 1.7.7
2020-02-04
Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)
Fixed in version 1.5.3