Sertifier Certificate and Badge Maker for WordPress Tutor LMS Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin, affecting all versions through 1.19. The vulnerability arises from inadequate nonce validation on the 'sertifier_settings' page, allowing unauthenticated attackers to update the plugin's API key by tricking a site administrator into clicking a link.
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, enabling attackers to manipulate plugin settings without authentication.
Added: Aug 23, 2025, 5:20 AM
Updated: Aug 23, 2025, 5:20 AM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
0.6exploitability
6.4remediation
0.0relevance
0.4threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.