938 matches found
WordPress Tutor LMS Pro plugin <= 3.9.5 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Tutor LMS Pro versions = 3.9.5...
EUVD-2026-10472
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
EUVD-2026-10473
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-0953
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-0953
CVE-2026-0953 affects the Tutor LMS Pro WordPress plugin (versions through 3.9.5). The issue is an authentication bypass in the Social Login addon: the plugin fails to verify that the email in the authentication request matches the email from the validated OAuth token, allowing unauthenticated at...
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
WordPress plugin Tutor LMS Pro 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-24178
Name of the Vulnerable Software and Affected Versions Tutor LMS Pro plugin for WordPress versions through 3.9.5 Description The Tutor LMS Pro plugin for WordPress is susceptible to authentication bypass through the Social Login addon. The plugin does not properly validate that the email address...
📄 Tutor LMS 2.6.2 Missing Authorization / Privilege Escalation
Proof of concept for a missing authorization vulnerability in the Tutor LMS WordPress plugin versions 2.6.2 and below. ============================================================================================================================================= | Title : Tutor LMS 2.6.2 Missing...
30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin
On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site...
VulnCheck KEV: CVE-2026-0953
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...
CVE-2026-23799
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
EUVD-2026-9596
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799 WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799 WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799
CVE-2026-23799 is a Missing Authorization / Broken Access Control flaw in Themeum Tutor LMS (Tutor LMS) up to version 3.9.5. CVSSv3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N with base score 6.5 (Medium). Public sources (NVD, Red Hat, CVE List, Patchstack, AttackKB, VulnEnrichment) id...
WordPress plugin Tutor LMS 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...