CVE-2021-24740

More information about this CVE will likely be available in a few days.

Description

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Related CPE's

Could not find any relations

References

https://wpscan.com/vulnerability/e6cf694d-c4ae-4b91-97c0-a6bdbafc7d60

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io