2 matches found
WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Course Completion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.2...
CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...