Asa

**Name of the Vulnerable Software and Affected Versions** The Tutor LMS – eLearning and online course solution WordPress plugin versions prior to 1.8.8 **Description** A local file inclusion issue affects the plugin, allowing high privilege users to include any local php file through a maliciously constructed `sub page` parameter of the plugin's Tools. **Recommendations** For versions prior to 1.8.8, update to version 1.8.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Tools section of the plugin to minimize the risk of exploitation. Avoid using the `sub page` parameter in the affected plugin's Tools until the issue is resolved.