Unprotected AJAX Action to Privilege Escalation vulnerability discovered by WordFence in WordPress Tutor LMS plugin (versions <= 1.7.6).
Update the WordPress Tutor LMS plugin to the latest available version (at least 1.7.7).
wordpress.org/plugins/tutor/#developers
www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/