Description
WordPress Plugin Tutor LMS-eLearning and online course solution is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Tutor LMS-eLearning and online course solution version 1.8.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.8 or latest
References
Related Vulnerabilities
Jenkins CVE-2014-2063 Vulnerability (CVE-2014-2063)
WordPress Plugin Captain Slider Cross-Site Scripting (1.0.6)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37148)
WordPress CVE-2016-5836 Vulnerability (CVE-2016-5836)
WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Scripting (6.9.1)