Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)



Description
Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks.

Affects Plugin

References

CVE 2020-8615
URL https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
URL https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Jinson Varghese Behanan
Submitter Jinson Varghese Behanan
Submitter Website https://www.getastra.com/
Submitter Twitter JinsonCyberSec
Views 3668
Verified No
WPVDB ID 10058

Timeline

Publicly Published 2020-02-04 (17 days ago)
Added 2020-02-04 (16 days ago)
Last Updated 2020-02-10 (10 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin