CVE-2021-24186

Name of the Vulnerable Software and Affected Versions: Tutor LMS – eLearning and online course solution WordPress plugin versions prior to 1.8.3

Description: The issue concerns a UNION based SQL injection vulnerability in the tutor answering quiz question/get answer by id function pair. This could potentially be exploited by students.

Recommendations: For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the tutor answering quiz question/get answer by id function pair until the update is applied.