2 matches found
CVE-2026-12274
The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...
WordPress Tutor LMS plugin <= 3.9.13 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by TristanInSec in WordPress Plugin Tutor LMS versions = 3.9.13...