WordPress Plugin Vulnerabilities

Tutor LMS Elementor Addons < 2.1.6 - Missing Authorization

Description

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform a dependency plugin install.

Affects Plugins

Plugin icon
tutor-lms-elementor-addons
Fixed in 2.1.6

References

CVE
CVE-2024-53816
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/293480b2-3160-4361-98d4-ed6e601d53c4

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ananda Dhakal
Verified
No
WPVDB ID
e50dbf37-e3c8-44ee-a664-0a3519972d3f

Timeline

Publicly Published
2024-12-02 (about 1 year ago)
Added
2024-12-11 (about 1 year ago)
Last Updated
2024-12-11 (about 1 year ago)

Other

Published
Title
Published
2024-05-15
Title
weMail < 1.14.3 - Missing Authorization to Notice Dismissal
Published
2026-02-14
Title
Payment Plugins for PayPal WooCommerce < 2.0.14 - Missing Authorization
Published
2025-03-27
Title
Just Writing Statistics < 5.4 - Missing Authorization
Published
2025-09-22
Title
All In One SEO Pack < 4.8.7.2 - Missing Authorization
Published
2025-06-27
Title
ChatBot < 6.7.5 - Missing Authorization