CVE-2026-3360 Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...

CVE-2026-1787

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...

CVE-2026-1371

The CVE-2026-1371 entry concerns Tutor LMS for WordPress. Affected: Tutor LMS plugin versions up to and including 3.9.5. Root cause: missing authorization checks in ajax_coupon_details(), which only validates nonces and does not verify user capabilities. Impact: authenticated users with Subscribe...

WordPress Tutor LMS plugin <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action vulnerability

Authenticated Subscriber+ Information Disclosure in Coupon Details via 'tutorcoupondetails' AJAX Action vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.5...

CVE-2025-47555 WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.4...

WordPress plugin tutor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-1728

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.3 Description The Tutor LMS plugin for WordPress is susceptible to unauthorized course completion. This occurs because of a lack of enrollment verification within the mark course complete function. Authenticated...

CVE-2024-10393

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'userscanregister' option in the 'registerinstructor' function. This makes it possible for unauthenticated attackers to register as the...

PT-2024-30162 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.7.0 Description: The issue allows authenticated attackers with Instructor-level permissions and above to delete any course due to missi...

The vulnerability of the erase_tutor_data() function in the Tutor plugin for the WordPress content management system allows a hacker to perform a CSRF attack.

The vulnerability of the erasetutordata function in the Tutor plugin of the WordPress content management system is related to the，nonce。， CSRF 。...

WordPress Plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin Tutor LMS SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Tutor LMS - eLearning and...

Wordpress plugin tutor local file leak vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A local file disclosure vulnerability exists in Wordpress plugin tutor. An attacker can exploit the vulnerability to obtain...

Wordpress plugin tutor cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress plugin tutor. An attacker can exploit this vulnerability to...

WordPress Plugin Tutor.1.5.3 - Local File Inclusion

Tile: Wordpress Plugin tutor.1.5.3 - Local File Inclusion Author: mehran feizi Category: webapps Date: 2020-02-12 vendor home page: https://wordpress.org/plugins/tutor/ =================================================================== Vulnerable page: /instructors.php...

WordPress Tutor 1.5.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications - Tile: Wordpress Plugin tutor.1.5.3 - Cross-Site Scripting - Author: mehran feizi - Category: webapps =================================================================== Vulnerable page: /Quiz.php...