Themeum Tutor LMS Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Themeum Tutor LMS WordPress plugin, affecting versions through 3.4.0. The plugin does not properly handle script-related HTML tags, which allows basic XSS attacks.

Impact

Exploitation of this vulnerability allows for content injection, which could be used to insert malicious scripts or phishing pages into the affected WordPress site.

Remediation

Users of the Themeum Tutor LMS WordPress plugin should update to version 3.4.1 or later. Patchstack users can enable auto-updates for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.7
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.