EUVD-2026-15717

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...

CVE-2026-25406 WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...

CVE-2026-25406

CVE-2026-25406 is a authentication bypass vulnerability in Themeum Tutor LMS Pro (tutor-pro) affecting versions up to and including 3.9.4. The issue is described as an authentication abuse via an alternate path or channel. Remediation from multiple sources recommends updating to a version later t...

WordPress plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27940

Name of the Vulnerable Software and Affected Versions Themeum Tutor LMS Pro versions prior to 3.9.4 Description An authentication bypass issue exists in Themeum Tutor LMS Pro, allowing authentication abuse. The issue involves using an alternate path or channel to circumvent normal authentication...

WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Phat RiO in WordPress Plugin Tutor LMS Pro versions = 3.9.4...

CVE-2026-0953

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

WordPress Tutor LMS Pro plugin <= 3.9.5 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Tutor LMS Pro versions = 3.9.5...

EUVD-2026-10472

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

EUVD-2026-10473

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

CVE-2026-0953

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

CVE-2026-0953

CVE-2026-0953 affects the Tutor LMS Pro WordPress plugin (versions through 3.9.5). The issue is an authentication bypass in the Social Login addon: the plugin fails to verify that the email in the authentication request matches the email from the validated OAuth token, allowing unauthenticated at...

CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

PT-2026-24178

Name of the Vulnerable Software and Affected Versions Tutor LMS Pro plugin for WordPress versions through 3.9.5 Description The Tutor LMS Pro plugin for WordPress is susceptible to authentication bypass through the Social Login addon. The plugin does not properly validate that the email address...

WordPress plugin Tutor LMS Pro 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin

On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site...

VulnCheck KEV: CVE-2026-0953

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

WordPress Tutor LMS Pro plugin <= 3.8.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Tutor LMS Pro versions = 3.8.3...

CVE-2025-6639

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...