Tutor Lms Migration Tool

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:themeum:tutor_lms_-_migration_tool:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorThemeum (12449a9f-b8a3-5f81-9e39-f958a6d45415)
ProductTutor Lms Migration Tool (6c58c43f-af81-5958-b1a8-36a9116fca56)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/themeum/tutor-lms-migration-tool purl2cpe 2026-06-01 10:12:52.172978

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-1804 vulnerable 2026-06-03 14:54:34.686239 Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml
MEDIUM (4.3)
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.
Published: 2024-07-27T01:51:01.443Z
Updated: 2026-04-08T16:34:38.618Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1798 vulnerable 2026-06-03 14:54:34.670659 Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml
MEDIUM (5.3)
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
Published: 2024-07-27T01:51:01.946Z
Updated: 2026-04-08T16:35:09.678Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.