WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification vulnerability

WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Coupon Modification vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...

WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass vulnerability

WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Course Enrollment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...

CVE-2025-13679

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...

CVE-2025-13679 Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...

CVE-2025-13679 Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...

CVE-2025-13679

CVE-2025-13679 (Tutor LMS) : A missing capability check on get_order_by_id() in Tutor LMS ≤ 3.9.3 allows authenticated users with Subscriber+ privileges to enumerate orders and exfiltrate student PII (name, email, phone, billing address). WordPress plugin: Tutor LMS – eLearning and online course ...

WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure via tutororderdetails vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...

PT-2026-1706

Name of the Vulnerable Software and Affected Versions Tutor LMS versions up to and including 3.9.3 Description The Tutor LMS plugin for WordPress is susceptible to unauthorized data access due to a missing capability check within the get order by id function. This allows authenticated attackers...

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.4...

Exploit for Missing Authorization in Themeum Tutor_Lms

CVE-2024-3553 Tutor LMS Example Output =====...

CVE-2025-63042

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

EUVD-2025-201984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

CVE-2025-63042

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

CVE-2025-63042 WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

CVE-2025-63042 WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

CVE-2025-63042

CVE-2025-63042 is a stored XSS in the WordPress plugin “Tutor LMS Elementor Addons” by Themeum, affecting Tutor LMS Elementor Addons versions from unspecified earlier up to and including 3.0.1. The vulnerability arises from improper input neutralization during web page generation, enabling cross-...

WordPress plugin Tutor LMS Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...