The plugin is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file
https://your.domain/wp-admin/admin.php?page=tutor-tools&sub_page=..%2F..%2F..%2F..%2F..%2F..%2Findex
2021-04-05 (about 1 years ago)
2021-04-05 (about 1 years ago)
2021-04-07 (about 1 years ago)