EUVD-2026-22893

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.7...

CVE-2026-40740

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.7...

CVE-2026-40740

CVE-2026-40740 concerns a Missing Authorization vulnerability in Themeum Tutor LMS WordPress plugin

WordPress MetForm Pro plugin <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability

Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability discovered by andrea bocchetti in WordPress Plugin MetForm Pro versions = 3.9.7...

PT-2026-33044

Name of the Vulnerable Software and Affected Versions Themeum Tutor LMS versions prior to 3.9.8 Description An issue exists where missing authorization allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than 3.9.7...

WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions = 3.9.7...

WordPress Tutor LMS plugin <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment vulnerability

Missing Authorization to Authenticated Subscriber+ Unauthorized Private Course Enrollment vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin Tutor LMS versions = 3.9.7...

CVE-2026-3371

The Tutor LMS WordPress plugin (versions ≤ 3.9.7) is vulnerable to Insecure Direct Object Reference due to missing authorization checks in the private save_course_content_order() method, which is called unconditionally by the tutor_update_course_content_order AJAX handler. Attackers with Subscrib...

CVE-2026-3371 Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

CVE-2026-3358

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing poststatus validation in the enrollnow and courseenrollment functions. Both enrollment endpoints...

PT-2026-32084

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing post status validation in the enroll now and course enrollment functions. Both enrollment endpoints...

WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

WordPress Tutor LMS plugin <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'orderid' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.7...

EUVD-2022-47955

Malicious code in bioql PyPI...

CVE-2025-52789 WordPress Lewe ChordPress plugin <= 4.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability

Cross-Site Request Forgery CSRF vulnerability in George Lewe Lewe ChordPress chordpress allows Stored XSS.This issue affects Lewe ChordPress: from n/a through = 4.0.1...

WordPress plugin Lewe ChordPress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-38644

An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later...

CVE-2023-2592

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

PT-2025-21697

Name of the Vulnerable Software and Affected Versions: imithemes Eventer versions prior to 3.9.7 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions prior to 3.9.7,...

WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Marek Mikita in WordPress Plugin Metform versions = 3.9.2...