Blind and Time-Based SQL Injection Vulnerability in Tutor LMS Plugin

Blind and Time-Based SQL Injection Vulnerability in Tutor LMS Plugin

CVE-2021-24181 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

Learn more about our Wordpress Pen Testing.