CVE-2024-1751

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 13, 2024

Summary

CVE-2024-1751 is a vulnerability affecting the Tutor LMS plugin for WordPress. This eLearning and online course solution is susceptible to time-based SQL Injection attacks due to inadequate escaping of user-supplied data and insufficient query preparation. Authenticated attackers, with subscriber or student access levels and higher, can exploit this vulnerability by appending malicious SQL queries to existing ones. The result is the extraction of sensitive information from the database. Versions up to and including 2.6.1 are reportedly impacted by this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/unRdTC
https://www.cve.org/CVERecord?id=CVE-2024-1751
https://nvd.nist.gov/vuln/detail/CVE-2024-1751

Back to Vulnerability Database

CVE-2024-1751

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations