CVE-2024-5576

Published
View on NVD ↗
CVSS v3
6.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Tutor LMS Elementor Addons
Tutor LMS Elementor Addons
<p>Tutor LMS Elementor Addons is a WordPress plugin that works with Tutor LMS and Elementor. It helps you to design eLearning course sites any way you want.</p> <p>Create your own custom layout and styling for Tutor LMS courses, bring different designs to specific courses, create course carousels and listings, and do much more.</p> <p><span class="embed-youtube" style="text-align:center; display: block;"><iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/9cbxl2v7gBc?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe></span></p> <h3>What you can do with Tutor LMS Elementor Addons</h3> <p>Tutor LMS Elementor Addons helps you create visually stunning eLearning sites with Tutor LMS and then customize the site further with Elementor page builder. Here are a few things you can do with Tutor LMS Elementor Addons:</p> <ul> <li>Create a course page template from scratch.</li> <li>Customize each course page design individually.</li> <li>35+ widgets to take care of the linear aspects of the design.</li> <li>Insert course carousels in any page you want.</li> <li>Choose templates from 4 different course carousel styles.</li> </ul> <h3>Prerequisites</h3> <p>Tutor LMS Elementor Addons will ask you to install the following plugins to make sure everything works perfectly.</p> <p>1) <a href="https://wordpress.org/plugins/tutor" rel="ugc">Tutor LMS</a><br /> 2) <a href="https://wordpress.org/plugins/elementor" rel="ugc">Elementor</a></p> <p>After installing and activating all of these plugins, you will be able to design course pages with Elementor using all the available widgets. For a more in-depth look at the integration and all it’s nitty-gritty details, please visit <a href="https://docs.themeum.com/tutor-lms/third-party-integration/elementor-integration/getting-started/" rel="nofollow ugc">our documentation on Tutor LMS &#8211; Elementor integration</a>.</p> <p>Also, please make sure you are using the latest version of all these plugins.</p> <h3>Instructions</h3> <p>✅ <strong>Allow Elementor to edit and create courses in the Settings</strong></p> <p>First, you need to enable editing capability from the Elementor settings.<br /> Go to <strong>Dashboard &gt; Elementor &gt; Editor &gt; Settings &gt; General</strong>, check the mark on the <strong>Post Types</strong> you want to edit and create with Elementor. Make sure you’ve selected the following options:</p> <ul> <li>Courses</li> <li>Lessons</li> <li>Quizzes</li> <li>Assignments</li> <li>Bundle</li> </ul> <p>✅ <strong>Create a custom course template</strong></p> <p>To use Elementor to build a custom course template, you need to create your own course template first.</p> <p>You can do that by heading to your WordPress admin page, and then from the dashboard panel, head to <strong>Elementor &gt; Editor &gt; Templates</strong> and click on the <strong>Add New Template</strong> button.</p> <p>Give the template a name and also make sure to select <strong>Tutor LMS Single Course Template</strong> and create your custom course page from scratch.</p> <p>✅ <strong>Edit individual course pages differently</strong></p> <p>If you want to edit each course’s layout separately, navigate to <strong>Tutor LMS &gt; Courses</strong> and then open any course in editing mode.</p> <p>Then, from the default editing panel, click on <strong>Edit With Elementor</strong> to start the Elementor Page builder interface. You will find all the necessary addons to create a single course page from the left sidebar’s Tutor LMS section.</p> <h3>Widgets Inside Tutor LMS Elementor Addons Plugin</h3> <p>Tutor LMS Elementor Addons currently offers the following Elementor widgets to take control over your eLearning site designs:</p> <ol> <li>Course Rating</li> <li>Course Title</li> <li>Course Author</li> <li>Course Level</li> <li>Course Social Share</li> <li>Course Categories</li> <li>Course Duration</li> <li>Course Total Enrolled</li> <li>Course Last Update</li> <li>Course Status</li> <li>Course Thumbnail</li> <li>Course Price</li> <li>Course Enrolment Box</li> <li>Course Purchase</li> <li>Course Materials</li> <li>Course Requirements</li> <li>Course Tags</li> <li>Course Target Audience</li> <li>Course About</li> <li>Course Description</li> <li>Course Benefits</li> <li>Course Content</li> <li>Course Curriculum</li> <li>Course Instructors</li> <li>Course Reviews</li> <li>Course Carousel</li> <li>Course List</li> <li>Course Wishlist</li> <li>Bundle Title</li> <li>Bundle Thumbnail</li> <li>Bundle Categories</li> <li>Bundle Overview</li> <li>Bundle Tags</li> <li>Bundle Author</li> <li>Bundle Courses</li> <li>Bundle Benefits</li> </ol>
WordPress Plugin DirectoryWordPress Plugin Directory
594K