CVE-2024-4318: The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions
high
vulnerability
security
Summary
The Tutor LMS plugin for WordPress (versions up to 2.7.0) has a time-based SQL injection vulnerability in the 'question_id' parameter. In this technique, attacker-supplied SQL is smuggled into a database query through user input, and data is inferred from how long the database takes to respond. The flaw exists because the plugin does not properly sanitize the user-supplied parameter or prepare its database queries. Attackers with Instructor-level permissions or higher can exploit this to extract sensitive information from the database.
Vulnerability Details
CVSS Score
8.8 (high)
EPSS (30-day exploit probability)
EPSS: 0.6%
Classification
Attack Sophistication: Moderate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-4318
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 95%