CVE-2024-3553

Name of the Vulnerable Software and Affected Versions Tutor LMS versions up to, and including, 2.6.2

Description The issue is related to a missing capability check on the hide notices function, which allows unauthorized modification of data. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled. The vulnerability can be exploited by a remote attacker to gain read and modify access to data.

Recommendations For versions up to, and including, 2.6.2, update to a version higher than 2.6.2 to resolve the issue. As a temporary workaround, consider disabling the hide notices function until a patch is available.