CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

946 matches found

EUVD•added 2025/10/25 5:31 a.m.•3 views

EUVD-2025-35912

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't...

4.3CVSS5.2AI score0.00178EPSS

Exploits0References3

Vulnrichment•added 2025/10/25 5:31 a.m.•3 views

CVE-2025-6680 Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure

4.3CVSS5.3AI score0.00178EPSS

Exploits0References2

CVE•added 2025/10/25 5:31 a.m.•10 views

CVE-2025-6680

CVE-2025-6680 Tutor LMS (WordPress): Authenticated users with tutor-level+ access can view sensitive information by exposing assignments from courses they don’t teach. Affects Tutor LMS versions up to 3.8.3. Public advisories indicate remediation by upgrading to 3.8.4 or later; some sources also ...

4.3CVSS5.3AI score0.00178EPSS

Exploits0References2Affected Software1

Patchstack•added 2025/10/25 2:1 a.m.•4 views

WordPress Tutor LMS Pro plugin <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to View/Edit Other Assignments vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS Pro versions = 3.8.3...

5.4CVSS6.7AI score0.00148EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/10/25 1:50 a.m.•4 views

WordPress Tutor LMS plugin <= 3.8.3 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS versions = 3.8.3...

4.3CVSS6.6AI score0.00178EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/10/25 12:57 a.m.•6 views

WordPress Tutor LMS plugin <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update vulnerability

Missing Authorization to Unauthenticated Payment Status Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Tutor LMS versions = 3.8.3...

5.3CVSS7AI score0.00244EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/10/25 12:0 a.m.•3 views

PT-2025-43706

Name of the Vulnerable Software and Affected Versions Tutor LMS versions up to and including 3.8.3 Description The Tutor LMS plugin for WordPress is susceptible to unauthorized data modification. This occurs because of a missing capability check when verifying webhook signatures within the...

5.3CVSS5.8AI score0.00244EPSS

Exploits0References8

Positive Technologies•added 2025/10/25 12:0 a.m.•4 views

PT-2025-43712

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.8.4 Description The Tutor LMS plugin for WordPress is affected by a sensitive information exposure issue. Authenticated attackers with tutor-level access or higher can view assignments from courses they are not...

4.3CVSS6.1AI score0.00178EPSS

Exploits0References6

Positive Technologies•added 2025/10/25 12:0 a.m.•4 views

PT-2025-43711

Name of the Vulnerable Software and Affected Versions Tutor LMS Pro versions prior to 3.8.4 Description The Tutor LMS Pro plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of proper validation on a user-controlled key when handling assignment...

5.4CVSS6.3AI score0.00148EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-11098

Malware in sbrugna...

8.8CVSS8.6AI score0.01439EPSS

Exploits2References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-11367

Malware in sbrugna...

5.4CVSS5.6AI score0.00747EPSS

Exploits2References2