CVE-2021-24185

Name of the Vulnerable Software and Affected Versions: Tutor LMS – eLearning and online course solution WordPress plugin versions prior to 1.7.7

Description: The issue concerns a SQL injection vulnerability in the tutor place rating AJAX action of the plugin. This could potentially be exploited by students, allowing for blind and time-based SQL injections.

Recommendations: For versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the tutor place rating AJAX action to minimize the risk of exploitation.