Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

937 matches found

Patchstack
Patchstackadded 2026/05/12 5:18 p.m.5 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion vulnerability

Insecure Direct Object Reference to Authenticated Instructor+ Arbitrary Post Deletion vulnerability discovered by molten bit in WordPress Plugin Tutor LMS versions = 3.9.9...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/04/24 12:0 a.m.24 views

CVE-2025-67259

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

0.00212EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/24 12:0 a.m.0 views

CVE-2025-67259

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

5.2AI score0.00212EPSS
Exploits0References3
CVE
CVEadded 2026/04/24 12:0 a.m.7 views

CVE-2025-67259

Affects ClassroomIO v0.1.13. A Broken Access Control vulnerability allows an authenticated low-privilege student to access unauthorized course information by altering intercepted API requests. Specifically, changing a captured POST request to a GET against the /rest/v1/course PostgREST endpoint e...

6.5CVSS5.2AI score0.00212EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/04/20 7:23 p.m.4 views

CVE-2026-6080

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

6.5CVSS5.8AI score0.00497EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/04/20 10:38 a.m.3 views

WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin Tutor LMS versions = 3.9.7...

5.8AI score0.00252EPSS
Exploits0Affected Software1
EUVD
EUVDadded 2026/04/17 6:31 a.m.1 views

EUVD-2026-23364

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References9
EUVD
EUVDadded 2026/04/17 6:31 a.m.1 views

EUVD-2026-23360

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...

5.3CVSS5.7AI score0.00465EPSS
Exploits0References7
NVD
NVDadded 2026/04/17 5:16 a.m.2 views

CVE-2026-5502

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...

5.3CVSS0.00465EPSS
Exploits0References6
NVD
NVDadded 2026/04/17 5:16 a.m.3 views

CVE-2026-6080

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

6.5CVSS0.00497EPSS
Exploits0References8
CVE
CVEadded 2026/04/17 3:36 a.m.8 views

CVE-2026-5502

The Tutor LMS WordPress plugin (versions up to 3.9.8) is affected by an authorization flaw in tutor_update_course_content_order that allows authenticated subscribers (and higher) to manipulate course content without proper permission checks. The code only validates CSRF via nonce and only runs ca...

5.3CVSS5.7AI score0.00465EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/04/17 3:36 a.m.28 views

CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...

5.3CVSS0.00465EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/04/17 3:36 a.m.2 views

CVE-2026-5502

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...

5.3CVSS5.7AI score0.00465EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/04/17 3:36 a.m.1 views

CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...

5.3CVSS5.6AI score0.00465EPSS
Exploits0References6
CVE
CVEadded 2026/04/17 3:36 a.m.16 views

CVE-2026-6080

The CVE describes a SQL Injection in the WordPress Tutor LMS plugin (versions ≤ 3.9.8). Root cause: insufficient escaping on the 'date' parameter and direct interpolation into a SQL fragment before $wpdb-&gt;prepare(), enabling authenticated Admin+ attackers to append extra SQL queries and extrac...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/04/17 3:36 a.m.28 views

CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

6.5CVSS0.00497EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/04/17 3:36 a.m.2 views

CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

6.5CVSS5.8AI score0.00497EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/04/17 3:36 a.m.4 views

CVE-2026-6080

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References9
Patchstack
Patchstackadded 2026/04/17 2:6 a.m.4 views

WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability

Authenticated Admin+ SQL Injection via 'date' Parameter vulnerability discovered by PRISM in WordPress Plugin Tutor LMS versions = 3.9.8...

6.5CVSS6AI score0.00497EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/04/17 2:4 a.m.1 views

WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability

Authenticated Subscriber+ Arbitrary Course Content Manipulation via tutorupdatecoursecontentorder vulnerability discovered by momopon1415 in WordPress Plugin Tutor LMS versions = 3.9.8...

5.3CVSS5.8AI score0.00465EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder