64 matches found
EUVD-2026-37655
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
CVE-2026-22332
CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <=3.9.6, with exploitation status not pr...
CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
EUVD-2026-15717
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...
CVE-2026-25406 WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...
CVE-2026-25406
CVE-2026-25406 is a authentication bypass vulnerability in Themeum Tutor LMS Pro (tutor-pro) affecting versions up to and including 3.9.4. The issue is described as an authentication abuse via an alternate path or channel. Remediation from multiple sources recommends updating to a version later t...
WordPress plugin Tutor LMS Pro 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27940
Name of the Vulnerable Software and Affected Versions Themeum Tutor LMS Pro versions prior to 3.9.4 Description An authentication bypass issue exists in Themeum Tutor LMS Pro, allowing authentication abuse. The issue involves using an alternate path or channel to circumvent normal authentication...
WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Phat RiO in WordPress Plugin Tutor LMS Pro versions = 3.9.4...
CVE-2026-0953
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
WordPress Tutor LMS Pro plugin <= 3.9.5 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Tutor LMS Pro versions = 3.9.5...
EUVD-2026-10473
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
EUVD-2026-10472
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-0953
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-0953
CVE-2026-0953 affects the Tutor LMS Pro WordPress plugin (versions through 3.9.5). The issue is an authentication bypass in the Social Login addon: the plugin fails to verify that the email in the authentication request matches the email from the validated OAuth token, allowing unauthenticated at...
WordPress plugin Tutor LMS Pro 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-24178
Name of the Vulnerable Software and Affected Versions Tutor LMS Pro plugin for WordPress versions through 3.9.5 Description The Tutor LMS Pro plugin for WordPress is susceptible to authentication bypass through the Social Login addon. The plugin does not properly validate that the email address...
30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin
On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site...