WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-32223 WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.4...

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

CVE-2025-13679

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...

CVE-2024-43282

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2...