Approved changes feed: RSS · Atom
cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Themeum (12449a9f-b8a3-5f81-9e39-f958a6d45415) |
|---|---|
| Product | Tutor Lms (2fe227b0-846b-5837-98cd-fc776635d107) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/themeum/tutor |
purl2cpe | 2026-06-01 10:12:52.184656 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-40740 |
vulnerable | 2026-06-03 15:23:34.992335 |
WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability
MEDIUM (5.4)
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.
Published: 2026-04-15T10:21:34.311Z
Updated: 2026-04-29T09:52:04.818Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-23799 |
vulnerable | 2026-06-03 15:16:50.768336 |
WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability
MEDIUM (6.5)
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.
Published: 2026-03-05T05:53:48.754Z
Updated: 2026-04-28T16:14:46.898Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-58993 |
vulnerable | 2026-06-03 15:06:23.333118 |
WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS tutor allows SQL Injection.This issue affects Tutor LMS: from n/a through <= 3.7.4.
Published: 2025-09-09T16:33:07.244Z
Updated: 2026-04-28T16:13:51.323Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47555 |
vulnerable | 2026-06-03 15:01:32.978261 |
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
LOW (3.8)
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.
Published: 2026-01-22T16:51:40.623Z
Updated: 2026-04-28T16:12:45.379Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-32230 |
vulnerable | 2026-06-03 15:00:40.295347 |
WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability
MEDIUM (4.3)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 3.4.0.
Published: 2025-04-10T08:09:46.362Z
Updated: 2026-04-28T16:12:19.672Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-32223 |
vulnerable | 2026-06-03 15:00:40.284694 |
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
MEDIUM (6.5)
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.
Published: 2026-03-19T08:05:59.217Z
Updated: 2026-04-29T09:51:54.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43282 |
vulnerable | 2026-06-03 14:56:44.884826 |
WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
Published: 2024-08-18T21:39:11.082Z
Updated: 2026-04-28T16:10:11.708Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43231 |
vulnerable | 2026-06-03 14:56:44.773646 |
WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3.
Published: 2024-08-12T21:04:07.481Z
Updated: 2026-04-28T16:10:09.928Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43142 |
vulnerable | 2026-06-03 14:56:44.578055 |
WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.
Published: 2024-11-01T14:17:46.601Z
Updated: 2026-04-28T16:10:08.991Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39645 |
vulnerable | 2026-06-03 14:56:22.092109 |
WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (5.4)
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
Published: 2024-08-26T20:55:42.339Z
Updated: 2026-04-28T16:10:07.684Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37947 |
vulnerable | 2026-06-03 14:56:07.371590 |
WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2.
Published: 2024-07-20T08:31:16.345Z
Updated: 2026-04-28T16:10:03.424Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37266 |
vulnerable | 2026-06-03 14:56:06.195239 |
WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability
MEDIUM (4.9)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.
Published: 2024-07-09T10:08:37.139Z
Updated: 2026-04-28T16:09:57.960Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37256 |
vulnerable | 2026-06-03 14:56:06.168451 |
WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.
Published: 2024-07-09T09:02:44.548Z
Updated: 2026-04-28T16:09:57.681Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25990 |
vulnerable | 2026-06-03 14:50:27.585264 |
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
HIGH (7.1)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.
Published: 2023-11-03T16:22:46.607Z
Updated: 2026-04-28T16:08:11.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25800 |
vulnerable | 2026-06-03 14:49:34.171027 |
WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection
HIGH (8.1)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.
Published: 2023-11-03T16:26:12.916Z
Updated: 2026-04-28T16:08:10.755Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25799 |
vulnerable | 2026-06-03 14:49:34.170549 |
WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities
HIGH (8.3)
Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.
Published: 2024-06-11T09:15:01.315Z
Updated: 2026-04-28T16:08:10.395Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25700 |
vulnerable | 2026-06-03 14:49:33.301107 |
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
HIGH (8.2)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.
Published: 2023-11-03T16:44:47.440Z
Updated: 2026-04-28T16:08:09.431Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.