CVERadar

CVE-2024-1133

Medium Severity

Themeum

SVRS

30/100

CVSSv3

NA/10

EPSS

0.0015/1

CVE-2024-1133 allows unauthorized access to restricted Q&A content in the Tutor LMS WordPress plugin. This vulnerability affects versions up to 2.6.0, enabling authenticated attackers with subscriber access or higher to interact with questions in courses they are not enrolled in, even private courses. The flaw stems from a missing capability check when handling questions.

While CVE-2024-1133 has a relatively low SOCRadar Vulnerability Risk Score (SVRS) of 30, indicating it's not considered a critical vulnerability requiring immediate action, the unauthorized access to course content is still a significant concern. Successful exploitation could lead to data leakage and compromise the integrity of the eLearning platform. Although the CVSS score is 0, indicating no base severity, this is likely because it requires authentication and is not remotely exploitable, but the impact is still important for course creators to evaluate. Organizations using the Tutor LMS plugin should update to a patched version to mitigate the security risk.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-1133 | Themeum Tutor LMS Plugin up to 2.6.0 on WordPress authorization

vuldb.com2025-01-15

CVE-2024-1133 | Themeum Tutor LMS Plugin up to 2.6.0 on WordPress authorization | A vulnerability, which was classified as problematic, was found in Themeum Tutor LMS Plugin up to 2.6.0 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-1133. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

rss

forum

news

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type	Vendor	Product
App	Themeum	tutor_lms

References

Reference	Link
[email protected]	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12
[email protected]	https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve
AF854A3A-2127-422B-91AE-364DA2661108	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12
AF854A3A-2127-422B-91AE-364DA2661108	https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve
[email protected]	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12
[email protected]	https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve

CWE Details

CWE ID	CWE Name	Description
CWE-862	Missing Authorization	The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence