WordPress Tutor LMS Vulnerability List
Found 2 vulnerabilities related to WordPress Tutor LMS
- CVE-2023-0236: WordPress Tutor LMS <2.0.10 - Cross Site Scripting POC
WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.
- WordPress Tutor LMS plugin /wp-admin/admin-ajax.php SQL injection vulnerability (CVE-2024-10400) No POC
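Due to insufficient escaping of a user-supplied parameter and insufficient preparation of the existing SQL query, the Tutor LMS plugin for WordPress is vulnerable to SQL injection via the "rating_filter" parameter in all versions up to and including 2.7.6. This allows unauthenticated attackers to append additional SQL queries to the existing query, which can be used to extract sensitive information from the database.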