CVE-2024-4222

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.

Related Vulnerabilities

CVE-2020-24718

HIGH
CVSS:8.2(High)

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonst...

CWE-8622020

CVE-2022-0871

HIGH
CVSS:8.2(High)

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

CWE-8622022

CVE-2022-1066

HIGH
CVSS:8.2(High)

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CWE-8622022

CVE-2022-3321

HIGH
CVSS:8.2(High)

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by en...

CWE-8622022

CVE-2022-41930

HIGH
CVSS:8.2(High)

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or dis...

CWE-8622022

CVE-2023-37862

HIGH
CVSS:8.2(High)

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-co...

CWE-8622023