Description
WordPress Plugin Tutor LMS-eLearning and online course solution is prone to a insecure direct object reference (IDOR) vulnerability. Exploiting this issue may allow an attacker to delete any course. WordPress Plugin Tutor LMS-eLearning and online course solution version 2.7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.1 or latest
References
Related Vulnerabilities
WordPress Plugin BetterDocs-Best Documentation & Knowledge Base Cross-Site Scripting (1.9.1)
WordPress Plugin Acunetix WP Security Cross-Site Request Forgery (4.0.4)
CakePHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4399)
WordPress Plugin Rencontre-Dating Site Multiple Vulnerabilities (3.2.1)