Blind and Time-Based SQL Injection Vulnerability in Tutor LMS Plugin
CVE-2021-24185 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.
Learn more about our Wordpress Pen Testing.